DDoS detection tool FastNetMon detected a DDoS attack of 1.5 billion packets per second. The target: a European provider of DDoS scrubbing services.
The attack is one of the largest DDoS attacks ever, but still falls far short of the 11.5 billion packets recently detected by Cloudflare. The choice of target is striking in any case: the DDoS attack was aimed at a service that protects other organizations against the consequences of such a “packet flood.”
Hijacked household appliances as weapons
The malicious traffic originated from more than 11,000 unique networks worldwide. These consisted mainly of compromised customer-premises equipment (CPE), including IoT devices and routers. In other words, many IP addresses of unsuspecting users were unintentionally complicit.
UDP floods formed the basis of the attack. This protocol is often abused because it does not require a handshake like TCP and is therefore easier to spoof. The combination of massively hijacked equipment and an efficient attack protocol made the scale of the attack possible.
A new record, overshadowed by Cloudflare's
The timing of the announcement is striking. Just a few days ago, Cloudflare reported a record-breaking 11.5 Tbps DDoS attack. That was double the size of a previous DDoS attack reported by the same company earlier this year.
Unsurprisingly, FastNetMon is enthusiastic about its own Advanced platform, which detected the attack. Thanks to “optimized C++ algorithms for real-time network visibility,” FastNetMon detected the attack within seconds. This rapid response prevented service outages that would otherwise have affected the victim.
Industry must act now
Pavel Odintsov, founder of FastNetMon, calls the attack “part of a dangerous trend.” “When tens of thousands of CPE devices can be hijacked for coordinated packet floods of this magnitude, the risks for network operators grow exponentially. Detection logic must be implemented at the ISP level to stop outgoing attacks before they scale up.”
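As an added illustration of the ISP-level detection Odintsov calls for (this is example code, not FastNetMon's or anyone else's implementation), the block below counts per-window UDP packet rates from flow samples and flags two things: customer prefixes whose outbound UDP rate crosses a threshold (egress, catching hijacked CPE before the traffic leaves the ISP) and destinations receiving high-rate UDP from many distinct sources (the scrubbing target's view). The flow records, customer prefixes and thresholds are constructed for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed flow samples, not real telemetry: (timestamp_s, src_ip, dst_ip, proto, packets)
SAMPLES = [
    (0.1, "203.0.113.10", "198.51.100.5", "udp", 200),
    (0.4, "203.0.113.11", "198.51.100.5", "udp", 300),
    (0.6, "192.0.2.7",    "198.51.100.5", "tcp", 5000),  # TCP is not a UDP flood, ignored
    (1.2, "203.0.113.10", "198.51.100.5", "udp", 900),
    (1.5, "203.0.113.12", "198.51.100.5", "udp", 400),
    (1.7, "192.0.2.7",    "198.51.100.5", "udp", 50),
    (1.9, "198.51.100.9", "198.51.100.5", "udp", 2000),  # source outside our customer space
]

# Hypothetical customer (CPE) address space of the ISP running the detector
CUSTOMER_PREFIXES = [ip_network("203.0.113.0/24"), ip_network("192.0.2.0/24")]

def customer_prefix(ip):
    """Return the customer prefix an address belongs to, or None if it is not ours."""
    addr = ip_address(ip)
    return next((str(p) for p in CUSTOMER_PREFIXES if addr in p), None)

def egress_udp_rates(samples, window_s=1.0):
    """Outbound UDP packets per second, keyed by (customer prefix, window index)."""
    counts = defaultdict(int)
    for ts, src, _dst, proto, pkts in samples:
        prefix = customer_prefix(src)
        if proto == "udp" and prefix is not None:
            counts[(prefix, int(ts // window_s))] += pkts
    return {key: pkts / window_s for key, pkts in counts.items()}

def flag_egress_floods(samples, pps_threshold=1000, window_s=1.0):
    """Customer prefixes whose outbound UDP rate crossed the threshold in any window."""
    rates = egress_udp_rates(samples, window_s)
    return sorted({prefix for (prefix, _w), pps in rates.items() if pps >= pps_threshold})

def flag_target_floods(samples, pps_threshold=1000, min_sources=3, window_s=1.0):
    """Destinations receiving UDP above the threshold from many distinct sources in one window."""
    pkts = defaultdict(int)
    sources = defaultdict(set)
    for ts, src, dst, proto, p in samples:
        if proto != "udp":
            continue
        key = (dst, int(ts // window_s))
        pkts[key] += p
        sources[key].add(src)
    return sorted({dst for (dst, w), n in pkts.items()
                   if n / window_s >= pps_threshold and len(sources[(dst, w)]) >= min_sources})

if __name__ == "__main__":
    print("egress floods:", flag_egress_floods(SAMPLES))  # ['203.0.113.0/24']
    print("target floods:", flag_target_floods(SAMPLES))  # ['198.51.100.5']
```

In production the same aggregation runs over sampled NetFlow/sFlow or mirrored traffic, and per-prefix baselines replace the fixed threshold.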
This points to a structural problem. Although defensive measures continue to improve, the offensive potential of botnets is growing even faster. The millions of unsecured IoT devices worldwide provide a virtually inexhaustible supply of weapons. It is hard to see how this essentially simple attack can be anything more than an arms race, especially given how often critical services are knocked offline by a DDoS.
Modern DDoS protection therefore requires a holistic approach, FastNetMon points out. Individual organizations can defend themselves, but without a comprehensive approach focused on collaboration, a solution remains elusive.