An unprecedented offensive: Cloudflare and the record-breaking DDoS
Learn how Cloudflare thwarted the most powerful DDoS attack ever recorded and protect your networks from advanced cyber threats
Cloudflare blocked a record 3.8 Tbps DDoS attack. The malicious traffic came from compromised ASUS routers. The attack exploited vulnerabilities in network layers 3 and 4, but Cloudflare's automated defenses minimized the impact to users.
Cloudflare recently identified and blocked a historic Distributed Denial of Service (DDoS) attack peaking at 3.8 terabits per second (Tbps), the largest publicly documented attack to date. The Content Delivery Network (CDN) company identified the attack as part of a much larger campaign that lasted for about a month. During that time, the attack was notable for its extraordinary packet volume, reaching over 2 billion packets per second, and pressured the targeted infrastructure with techniques aimed at the L3 and L4 levels.
DDoS stratagems: L3 and L4 levels in detail
Layer 3 (L3) attacks aim to saturate the capacity of network infrastructure by flooding it with massive volumes of packets, exhausting network resources such as link bandwidth and router capacity. At Layer 4 (L4), the focus shifts to exhausting the transport resources of a network with connection requests and anomalous traffic. According to Cloudflare, its defenses operated completely automatically and invisibly to end users, minimizing the impact on the services offered to customers. This transparent defense mechanism proved effective in protecting both the infrastructure involved and its users from the deleterious effects of the attack.
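The L3/L4 distinction above can be made concrete with a small rate-based detector. The following is an added example, not code from the article or from Cloudflare: it buckets hand-built NetFlow-style records into one-second windows and flags a window as an L3 volumetric flood when the packet or bit rate crosses a threshold, and as an L4 SYN flood when nearly all TCP packets are bare SYNs (the transport-state exhaustion pattern). The thresholds, the `Flow` record shape and the sample addresses are all constructed assumptions sized for a small link, not Cloudflare's figures.

```python
"""Rate-based L3/L4 flood detector over constructed flow records.

Added example (not from the article or Cloudflare). It illustrates the
difference between a volumetric Layer 3 flood (raw packet and bit rate)
and a Layer 4 attack (transport-state exhaustion, here a TCP SYN flood),
using a handful of hand-built NetFlow-style records.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int          # epoch second in which the flow was observed
    src: str         # source address
    proto: str       # "tcp" or "udp"
    flags: str       # TCP flags seen, e.g. "S" (bare SYN), "SA"; "" for UDP
    packets: int
    octets: int


# Illustrative thresholds for a small link (assumptions, not Cloudflare's values).
PPS_THRESHOLD = 10_000        # packets per second
BPS_THRESHOLD = 80_000_000    # bits per second
SYN_RATIO_THRESHOLD = 0.9     # share of TCP packets that are bare SYNs


def per_second_stats(flows):
    """Bucket flows into one-second windows: packets, bits, bare-SYN packets,
    total TCP packets and the set of distinct sources."""
    stats = defaultdict(lambda: {"pps": 0, "bps": 0, "syn": 0, "tcp": 0, "srcs": set()})
    for f in flows:
        b = stats[f.ts]
        b["pps"] += f.packets
        b["bps"] += f.octets * 8
        b["srcs"].add(f.src)
        if f.proto == "tcp":
            b["tcp"] += f.packets
            if f.flags == "S":
                b["syn"] += f.packets
    return stats


def classify(stats):
    """Return (second, label, detail) alerts for windows exceeding the thresholds."""
    alerts = []
    for ts in sorted(stats):
        b = stats[ts]
        # L3: the link itself is being saturated, regardless of protocol.
        if b["pps"] > PPS_THRESHOLD or b["bps"] > BPS_THRESHOLD:
            alerts.append((ts, "L3 volumetric",
                           f"{b['pps']} pps, {b['bps']} bps, {len(b['srcs'])} sources"))
        # L4: the bandwidth may be modest, but the handshake state table is the target.
        if b["tcp"] and b["syn"] / b["tcp"] > SYN_RATIO_THRESHOLD and b["syn"] > PPS_THRESHOLD // 10:
            alerts.append((ts, "L4 SYN flood",
                           f"{b['syn']} bare SYNs out of {b['tcp']} TCP packets"))
    return alerts


# Constructed sample: second 100 is benign, 101 is a UDP volumetric burst,
# 102 is a SYN flood mixed with a little legitimate handshake traffic.
SAMPLE_FLOWS = [
    Flow(100, "198.51.100.7", "tcp", "SA", 40, 52_000),
    Flow(100, "198.51.100.8", "udp", "", 25, 30_000),
    Flow(101, "203.0.113.1", "udp", "", 6_000, 9_000_000),
    Flow(101, "203.0.113.2", "udp", "", 6_000, 9_000_000),
    Flow(101, "203.0.113.3", "udp", "", 6_000, 9_000_000),   # 18k pps, 216 Mbps in total
    Flow(102, "203.0.113.50", "tcp", "S", 1_500, 90_000),
    Flow(102, "203.0.113.51", "tcp", "S", 1_500, 90_000),
    Flow(102, "198.51.100.7", "tcp", "SA", 60, 78_000),      # legitimate handshakes
]


def detect(flows=SAMPLE_FLOWS):
    """Run the whole pipeline and return the list of alerts."""
    return classify(per_second_stats(flows))


if __name__ == "__main__":
    for ts, label, detail in detect():
        print(ts, label, detail)
```

Second 101 trips only the volumetric rule (18,000 pps and 216 Mbps from three sources), while second 102 stays well under both rate thresholds yet is flagged as an L4 SYN flood because 3,000 of its 3,060 TCP packets are bare SYNs. In production the same split is what lets a defender rate-limit at the edge for L3 while using SYN cookies or connection-table limits for L4.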
Critical timing and sources of malicious traffic
The peak of the attack was relatively short, starting at 15:01:25 and ending shortly after, at 15:02:30, when it was neutralized. The malicious traffic was found to be coming mainly from a large group of ASUS routers, presumably compromised through a serious vulnerability recently disclosed by Censys researchers with a near-maximum severity rating (9.8 out of 10). It is worth remembering that any connected device, from laptops to IoT devices such as home appliances and smart bulbs, can become part of a DDoS attack if a vulnerability is discovered in it or left unpatched.
Geolocation of the attack traffic and motivations for disclosure
The geographic origin of malicious traffic was mainly attributed to three countries: Russia (over 12%), Vietnam (over 11%), and the United States (about 10%). Italy was also involved, contributing 2.8% of the total malicious traffic. For companies like Cloudflare, disclosing these attacks and their defense methods is strategically advantageous: not only does it highlight the company's technical capabilities, but it also reassures customers and the public that their defense solutions are effective and reliable. Transparency towards the public is essential, especially when the effectiveness of these defenses ensures that customers do not suffer tangible disruptions.
10/04/2024 14:10
Marco Verro