An unnamed webhost was just hit with one of the largest DDoS attacks ever registered by Akamai, one of the world’s biggest web and cloud providers.
The attack was directed at a large hosting provider used by a number of political and social sites. Akamai didn’t reveal the name of the target, but the company did share some technical details about the attack itself.
DDoS attacks have been around forever, and it’s just one of the dangers that Internet providers have to deal with regularly. But the size and complexity of a DDoS attack determines its impact, and the one registered by Akamai was much bigger than anything that came before.
“A typical DDoS attack depends on one to three different attack vectors, but this one utilized nine,” said Roger Barranco, vice president of global security operations for Akamai. “The methods involved volumetric attacks, or floods, of ACK, SYN, UDP, NTP, TCP reset, and SSDP packets, multiple botnet attack tools, and CLDAP reflection, TCP anomaly, and UDP fragments. There were no zero-day vulnerabilities and novel techniques.”
At its peak, the DDoS attack clocked in at 1.44 terabit-per-second and lasted for about 90 minutes. According to a report on DUO.com, the attack sustained 1.2 terabits-per-second for an hour.
Akamai also said the attack required a lot of planning and coordination, not to mention access to a large infrastructure. Other providers have registered attacks larger than this one, including Amazon, which was subject to a 2.3 terabit-per-second DDoS attack a few months ago. The size and types of DDoS attacks are always changing. For example, many of the current DDoS attacks are deployed through rented services by gamers looking to disrupt online matches.