Google: Here's How We Blocked the Largest Web DDoS Attack Ever
An Anonymous Coward writes:
Google Cloud has revealed it blocked the largest distributed denial-of-service (DDoS) attack on record, which peaked at 46 million requests per second (rps).
The June 1 attack targeted one Google Cloud customer using the Google Cloud Armor DDoS protection service.
[...] Google says it is the largest ever attack at Layer 7, referring to the application layer - the top layer - in the OSI model of the Internet.
The attack on Google's customer was almost twice the size of a HTTPS DDoS attack on a Cloudflare customer in June that peaked at 26 million rps. That attack also relied on a relatively small botnet consisting of 5,067 devices spread over 127 countries.
[...] Google noted that this Mris-related botnet abused unsecured proxies to obfuscate the true origin of the attacks.
It also noted that around 22% or 1,169 of the source IPs corresponded to Tor exit nodes, but the request volume coming from those nodes amounted to just 3% of the attack traffic.
"While we believe Tor participation in the attack was incidental due to the nature of the vulnerable services, even at 3% of the peak (greater than 1.3 million rps) our analysis shows that Tor exit nodes can send a significant amount of unwelcome traffic to web applications and services."
Previously: Massive DDoS Attack Delivered By Tiny Botnet
Read more of this story at SoylentNews.