An unnamed webhost was just hit with one of the largest
DDoS attacks ever registered by Akamai, one of the world’s biggest web and
cloud providers.
The attack was directed at a large hosting provider used
by a number of political and social sites. Akamai didn’t reveal the name of the
target, but the company did share some technical details about the attack
itself.
DDoS attacks have been around forever, and it’s just one
of the dangers that Internet providers have to deal with regularly. But the
size and complexity of a DDoS attack determines its impact, and the one
registered by Akamai was much bigger than anything that came before.
“A typical DDoS attack depends on one to three different
attack vectors, but this one utilized nine,” said Roger Barranco, vice
president of global security operations for Akamai. “The methods involved
volumetric attacks, or floods, of ACK, SYN, UDP, NTP, TCP reset, and SSDP
packets, multiple botnet attack tools, and CLDAP reflection, TCP anomaly, and
UDP fragments. There were no zero-day vulnerabilities and novel techniques.”
At its peak, the DDoS attack clocked in at 1.44
terabit-per-second and lasted for about 90 minutes. According to a report on DUO.com,
the attack sustained 1.2 terabits-per-second for an hour.
Akamai also said the attack required a lot of planning
and coordination, not to mention access to a large infrastructure. Other
providers have registered attacks larger than this one, including Amazon, which
was subject to a 2.3 terabit-per-second DDoS attack a few months ago. The size and types of DDoS attacks are always
changing. For example, many of the current DDoS attacks are deployed through
rented services by gamers looking to disrupt online matches.