Denial-of-service attacks are growing larger, last week Cloudflare reported that it measured the largest one ever.
Cloudflare has recorded a new record attack: a denial-of-service (DDoS) attack of 7.3 terabits per second, equivalent to 37.4 terabytes of data traffic in just 45 seconds. That’s 9,300 HD movie files. The attack was intended to make a Cloudflare customer unreachable.
22,000 Ports Attacked
Cloudflare reported that the attack primarily utilized User Datagram Protocol (UDP), a fast but unsecured communication method used for video streaming and DNS traffic. Because UDP doesn’t need to establish a connection or confirm receipt, it’s popular among attackers. In this case, an average of 22,000 ports were attacked simultaneously on a single IP address.
Smart Mix of Attack Forms
The majority of the attack consisted of direct UDP flood attacks, while a much smaller portion was carried out via reflection attacks. In these, attackers send requests to open servers with a spoofed sender address. These servers then send their response to the victim, greatly increasing the impact. Cloudflare observed amplification vectors such as Quote of the Day and Echo, and services like Portmapper being used.
The attack was carried out by Mirai-based botnets, which are networks of hacked smart devices such as cameras and routers. These networks remain a major problem because many of these devices are inadequately secured. Recently, this was the case with ASUS routers.