Cloudflare experienced a world-record-breaking DDoS attack, with 26 million requests per second. Cloudflare announced on Tuesday that it intervened last week to prevent a record-breaking 26 million request per second (RPS) distributed denial-of-service (DDoS) attack, making it the largest HTTPS DDoS attempt ever identified.

The attack came from a “strong” botnet of 5,067 devices, with each node delivering about 5,200 RPS at peak, according to the online performance and security provider. It was directed against an undisclosed client website using its Free plan.

The botnet is alleged to have flooded over 1,500 networks in 121 countries with over 212 million HTTPS requests in less than 30 seconds, including Indonesia, the United States, Brazil, Russia, and India. Tor nodes were responsible for about 3% of the attack.

According to Cloudflare’s Omer Yoachimik, the attack “originated primarily from Cloud Service Providers rather than Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices.”

Because of the additional cost of establishing a secure TLS encrypted connection, launching HTTPS-based DDoS attacks is more computationally expensive.

Cloudflare has just prevented the second such volumetric HTTPS DDoS attack in as many months. It claims it thwarted a 15.3 million RPS HTTPS DDoS attack aimed at a customer running a crypto launchpad in late April 2022.

Volumetric DDoS attacks over 100 gigabits per second (gbps) increased by up to 645 percent quarter over quarter, according to the company’s DDoS attack trends report for Q1 2022.

“High-bit-rate attacks aim to produce a denial-of-service event by cluttering the Internet link, whereas high-packet-rate assaults attempt to overwhelm servers, routers, or other in-line hardware appliances,” the researchers explained.

“Packets are ‘dropped,’ meaning that the appliance is unable to process them. This causes service interruptions and denial of service for users.”

Have you enjoyed reading this article? To read more exclusive material from THN, follow us on Facebook. Cloudflare experienced a world-record-breaking DDoS attack, with 26 million requests per second.

Share.

Leave A Reply