OVHcloud Sees Record 840 Mpps DDoS Attack
upstart writes:
Cloud provider OVHcloud this week revealed that it had mitigated the largest ever distributed denial-of-service (DDoS) attack in terms of packet rate, amid an overall increase in DDoS attack intensity.
Packet rate DDoS attacks seek to overload the processing engines of the networking devices close to the target, essentially taking down the infrastructure in front of the victim, such as the anti-DDoS systems.
Packet rate DDoS attacks, the cloud provider explains, are highly effective because mitigating them requires dealing with many small packets, which is typically more difficult than dealing with fewer, albeit larger, packets.
"We can summarize this problem into a single sentence: if your job is to deal mostly with payloads, bandwidth may be the hard limit; but if your job is to deal mostly with packet headers, packet rate is the hard limit," OVHcloud notes.
Peaking at around 840 Mpps (million packets per second), the largest packet rate attack was registered in April this year, breaking the record that was set at 809 Mpps in 2021.
Even more worrying, however, is that OVHcloud has been observing a sharp increase in packet rate DDoS attacks above the 100 Mpps threshold over the past six months.
Typically, threat actors rely on DDoS attacks that focus on exhausting the target's bandwidth (network-layer or Layer 3 attacks) or resources (application-layer or Layer 7 attacks), but the adoption of packet rate assaults is surging.
"We went from mitigating a few of them each week, to tens or even hundreds per week. Our infrastructures had to mitigate several 500+ Mpps attacks at the beginning of 2024, including one peaking at 620 Mpps. In April 2024, we even mitigated a record-breaking DDoS attack reaching ~840 Mpps," OVHcloud says.
Most of the traffic used in the record attack, the cloud provider says, consisted of TCP ACK packets originating from roughly 5,000 IPs.
The company's investigation revealed the use of MikroTik routers as part of the attack, specifically cloud core routers - namely the CCR1036-8G-2S+ and CCR1072-1G-8S+ device models. There are close to 100,000 CCR devices exposed to the internet, with the two models accounting for roughly 40,000 of them.
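As an added illustration of the packet-rate versus bandwidth distinction described in the summary (example code written for this page, not OVHcloud's or the article's): it aggregates constructed per-second flow records, computes pps, bps, mean packet size and source count, and names the binding resource for each one-second window. The record format, thresholds and IP addresses are assumptions for illustration, not figures from the article.

```python
"""Classify one-second traffic windows as pps-bound or bps-bound.

Added example, not OVHcloud's code. Input records are assumed to be
per-second flow aggregates: (ts, src_ip, tcp_flags, packets, bytes).
"""
from collections import defaultdict

PPS_THRESHOLD = 100_000      # assumed: packets/s where header processing becomes the limit
BPS_THRESHOLD = 40_000_000   # assumed: bits/s where link bandwidth becomes the limit
SMALL_PACKET_BYTES = 100     # assumed: mean size that marks a header-only flood


def summarize_second(records):
    """Aggregate records into per-second stats: pps, bps, mean size, sources, ACK share."""
    acc = defaultdict(lambda: {"pkts": 0, "bytes": 0, "ack_pkts": 0, "srcs": set()})
    for ts, src, flags, pkts, nbytes in records:
        s = acc[ts]
        s["pkts"] += pkts
        s["bytes"] += nbytes
        s["srcs"].add(src)
        if flags == "A":  # bare ACK, the packet type that dominated the record attack
            s["ack_pkts"] += pkts
    return {ts: {"pps": s["pkts"], "bps": s["bytes"] * 8,
                 "mean_bytes": s["bytes"] / s["pkts"], "sources": len(s["srcs"]),
                 "ack_share": s["ack_pkts"] / s["pkts"]} for ts, s in acc.items()}


def classify(window):
    """Name the binding resource. pps is checked first: a small-packet flood also
    carries bytes, but what exhausts the device in front of the target is header rate."""
    if window["pps"] >= PPS_THRESHOLD and window["mean_bytes"] <= SMALL_PACKET_BYTES:
        return "packet-rate flood"
    if window["bps"] >= BPS_THRESHOLD:
        return "bandwidth flood"
    return "normal"


# Constructed sample: t=100 baseline traffic; t=101 a 40-byte bare-ACK flood from
# 200 sources (500,000 pps, 160 Mbps); t=102 a 1500-byte flood from two sources.
SAMPLE = [(100, "10.0.0.1", "PA", 1000, 1_200_000), (100, "10.0.0.2", "A", 500, 20_000)]
SAMPLE += [(101, f"192.0.2.{i}", "A", 2500, 100_000) for i in range(200)]
SAMPLE += [(102, "203.0.113.7", "PA", 2000, 3_000_000),
           (102, "203.0.113.8", "PA", 2000, 3_000_000)]


def classify_all(records=SAMPLE):
    """Return {timestamp: verdict} for every one-second window in the records."""
    return {ts: classify(w) for ts, w in summarize_second(records).items()}


if __name__ == "__main__":
    for ts, w in sorted(summarize_second(SAMPLE).items()):
        print(ts, classify(w), f"pps={w['pps']} Mbps={w['bps'] / 1e6:.1f} sources={w['sources']}")
```

Note that t=101 would pass a pure bandwidth threshold check only because it is so extreme; at lower rates a header-only flood can sit well under any bps alarm while still saturating packet processing, which is why the pps check comes first.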