Posted on July 13, 2020 at 5:48 PM
Cloudflare revealed this week that it detected and mitigated a packet-based volumetric DDoS attack. According to the blog post Cloudflare published, the attack peaked at a staggering 754 million packets per second (Mpps).
According to the Cloudflare researchers, that peak was part of a four-day denial of service attack that ran from the 18th of June, 2020, through the 21st of June, 2020. Over that window, traffic from more than 316,000 different source IP addresses was directed at a single Cloudflare IP address.
The blog post went into considerable detail, and the Cloudflare researchers reported that the attack combined three separate TCP attack vectors: ACK floods, SYN floods, and SYN-ACK floods.
For a period stretching just over four days, the attack stayed in the range of 400 million to 600 million packets per second for hours at a time. It peaked above that range on multiple occasions, going past 700 million packets per second.
The idea behind a packet-based attack is to overload the routers and data center appliances Cloudflare uses, rather than saturating the inbound bandwidth of the network itself. According to Cloudflare, these massive-scale attacks have persisted even though both the duration and the size of DDoS attacks decreased during the past year.
Several Bold Statements Made
The official post on the Cloudflare blog adds some details. The single Cloudflare IP address that was targeted was mostly used by websites signed up for the Free plan.
According to the post, no downtime or service degradation was reported during the attack. It further assured that no customers incurred charges, thanks to Cloudflare's unmetered mitigation guarantee.
Cloudflare also stated that the threat was detected and handled automatically by its global DDoS detection and mitigation system, Gatebot, with no manual intervention by Cloudflare's teams.
Some Big Enemies
Why someone would go through the time and effort to assemble a botnet of sufficient size and scope to sustain such a powerful DDoS attack isn't entirely clear. It could be an attempt by competitors, or it could be a well-established hacker group with a grudge against Cloudflare as a whole. One caveat: SYN and ACK floods are routinely sent with spoofed source addresses, so the 316,000 source IPs do not necessarily correspond to 316,000 compromised hosts.
In this packet-based DDoS attack in particular, the team behind it opted to overwhelm the data center appliances and routers with extremely high packet rates, which the blog likens to a swarm of mosquitoes that must be swatted one by one.
These attacks typically target a weak link, such as firewalls, web servers, routers, switches, or even the DDoS mitigation devices themselves. The massive influx of small packets aims to exhaust a device's per-packet processing capacity (packet buffers, CPU, and state tables), leaving it unable to handle anything but the attack traffic. Service is denied not by saturating the link's bandwidth, but by overwhelming the hardware on the path.
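The distinction between a packet-rate flood and a bandwidth flood is easy to miss if you only watch bits per second. The following is an added example written for this article, not Cloudflare code or data: it aggregates packet records per destination and per one-second window, reports packets per second alongside bits per second, counts the SYN / ACK / SYN-ACK mix, and classifies each destination. The record format (timestamp, source, destination, TCP flag byte, length) and the thresholds are assumptions, and the traffic is constructed.

```python
"""Packet-rate versus bandwidth: summarise per-destination traffic from packet records.

Added example for this article, not Cloudflare code. The record format
(timestamp, src, dst, tcp_flags, length) and the thresholds are assumptions.
"""
from collections import Counter, defaultdict

TCP_SYN = 0x02
TCP_ACK = 0x10


def tcp_flag_class(flags):
    """Map a TCP flag byte onto the three vectors the article names, or OTHER."""
    if flags & TCP_SYN and flags & TCP_ACK:
        return "SYN-ACK"
    if flags & TCP_SYN:
        return "SYN"
    if flags & TCP_ACK:
        return "ACK"
    return "OTHER"


def summarize(packets, window=1.0):
    """Aggregate records per (destination, time window).

    Returns {(dst, window_index): {"pps", "bps", "avg_len", "srcs", "flags"}}.
    """
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "srcs": set(), "flags": Counter()})
    for ts, src, dst, flags, length in packets:
        b = buckets[(dst, int(ts // window))]
        b["pkts"] += 1
        b["bytes"] += length
        b["srcs"].add(src)
        b["flags"][tcp_flag_class(flags)] += 1
    return {
        key: {
            "pps": b["pkts"] / window,
            "bps": b["bytes"] * 8 / window,
            "avg_len": b["bytes"] / b["pkts"],
            "srcs": len(b["srcs"]),
            "flags": dict(b["flags"]),
        }
        for key, b in buckets.items()
    }


def classify(stat, pps_threshold, bps_threshold):
    """Bandwidth floods fill the link; packet-rate floods exhaust per-packet
    processing (router/firewall CPU, NIC queues, state tables) while the link
    stays mostly idle. Bandwidth is checked first because a full link is the
    more severe symptom regardless of packet count."""
    if stat["bps"] >= bps_threshold:
        return "volumetric"
    if stat["pps"] >= pps_threshold:
        return "packet-rate"
    return "normal"


def constructed_sample():
    """Constructed traffic for one second; not captured data. Destinations are
    RFC 5737 documentation addresses; flood sources are spoofed private
    addresses (an assumption of the example)."""
    pkts = []
    # Packet-rate flood: 3000 minimum-size (60-byte) TCP packets from 3000
    # distinct spoofed sources, cycling SYN / ACK / SYN-ACK as in the article.
    cycle = (TCP_SYN, TCP_ACK, TCP_SYN | TCP_ACK)
    for i in range(3000):
        src = f"10.0.{i // 250}.{i % 250 + 1}"
        pkts.append((i / 3000.0, src, "198.51.100.10", cycle[i % 3], 60))
    # Legitimate bulk transfer: 800 full-size packets from one client.
    for i in range(800):
        pkts.append((i / 800.0, "192.0.2.5", "198.51.100.20", TCP_ACK, 1500))
    # Bandwidth flood: 2500 full-size packets from 50 sources.
    for i in range(2500):
        src = f"192.0.2.{100 + i % 50}"
        pkts.append((i / 2500.0, src, "198.51.100.30", TCP_ACK, 1500))
    return pkts


if __name__ == "__main__":
    PPS_LIMIT, BPS_LIMIT = 2000, 20_000_000  # assumed, scaled down for the sample
    for (dst, win), s in sorted(summarize(constructed_sample()).items()):
        print(f"{dst:15} window={win} pps={s['pps']:7.0f} Mbps={s['bps'] / 1e6:6.2f} "
              f"avg_len={s['avg_len']:5.0f} srcs={s['srcs']:5} flags={s['flags']} "
              f"-> {classify(s, PPS_LIMIT, BPS_LIMIT)}")
```

Run as a script, the flood destination shows 3000 pps at only 1.44 Mbps with an average packet length of 60 bytes and a three-way split of SYN, ACK and SYN-ACK, while the bulk transfer moves far more bits with a fraction of the packets. That ratio, many packets and few bytes per packet, is the signature of an attack aimed at per-packet processing rather than at link capacity.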
Corporations Will Be Corporations
It should also be noted that this account comes from a Cloudflare blog post and should be taken with a grain of salt. It's all too easy for a large corporation to play with words, such as choosing the term "mitigate" rather than "prevent" or "stop."
The problem was probably larger than Cloudflare really wants to admit, but that's nothing new in the cybersecurity space. Loss of trust can make or break a company by virtue of public opinion.
One can hope that such an attack won't happen again, but it would be about as likely as winning the lottery without ever buying a ticket. Receiving cyber attacks is simply the way of the cyber world. It's an eternal arms race that won't entirely stop, regardless of how long it's been since it started.