Content delivery and cloud security specialist Akamai claims to have mitigated the largest-ever packet-per-second (PPS) DDoS attack. The target was attacked at a rate of 809 million packets per second.
DDoS attacks are volume-based attacks that use large amounts of data or IP requests to shut down a targeted company's IT infrastructure. These attacks often come in two distinct forms: so-called 'bits per second' (BPS) attacks and packet-per-second (PPS) attacks.
The first type often aims to take down the circuits. The second type, which is relatively uncommon, attempts to exhaust the network systems and/or applications in data centers or cloud environments and to shut them down because the networks can no longer handle the traffic.
Extremely high PPS load
The massive attack that Akamai mitigated last week fell into the latter category. The attack on a European bank was designed so that the extremely high PPS load would overwhelm the existing DDoS control systems.
The data packets sent contained only a payload of 1 byte, but it was primarily the quantity, which peaked at 809 million packets per second, that showed the scope of the attack. This meant that billions of bytes were sent to the bank’s network. The attack itself lasted only 10 minutes, but the peak was reached after only two minutes, Akamai said.
Huge number of source IP addresses
In addition to the extremely high data traffic, the security specialists also noticed that packets were sent from a vast number of IP addresses. This gave the impression that the attack was highly distributed. Akamai observed up to 600 times the number of source IP addresses per minute that it commonly encounters during these types of attacks. According to the security specialist, this could be an indication that a new, unknown botnet was being deployed.
Proper planning is necessary
How Akamai managed to mitigate the attack has not been revealed. However, the security specialist indicates that mitigating these types of large attacks requires proper planning and, above all, strong specialists. The mitigation process starts with a good understanding of the data traffic, in order to distinguish normal traffic flows and volumes, and with configuring proactive mitigation tools. The ultimate goal is to identify and deal with malicious traffic without affecting legitimate data traffic.
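The baselining step described above, sketched as an added example (not Akamai's method, which the article says has not been revealed): it profiles known-good per-minute counters, then labels later minutes as BPS-style or PPS-style anomalies and flags a jump in distinct source IPs. All counter values, the 5x factor and the function names are constructed assumptions.

```python
from statistics import median

# Constructed per-minute counters (packets, bytes, distinct source IPs) for
# known-good traffic. Illustrative values, not measurements from the attack.
GOOD_MINUTES = [
    (1_000_000, 600_000_000, 4_000),
    (1_100_000, 660_000_000, 4_200),
    (900_000, 540_000_000, 3_900),
    (1_050_000, 630_000_000, 4_100),
    (950_000, 570_000_000, 4_000),
]

def baseline(minutes):
    """Median per-minute profile of normal traffic."""
    packets = median(m[0] for m in minutes)
    nbytes = median(m[1] for m in minutes)
    sources = median(m[2] for m in minutes)
    return {"packets": packets, "bytes": nbytes, "sources": sources,
            "avg_size": nbytes / packets}

def classify(minute, base, factor=5.0):
    """Label one minute 'normal', 'bps' or 'pps'; factor is an assumed threshold."""
    packets, nbytes, sources = minute
    result = {"kind": "normal", "pkt_ratio": 0.0, "byte_ratio": 0.0,
              "source_spike": False}
    if packets == 0:  # idle minute: nothing to rate
        return result
    result["pkt_ratio"] = packets / base["packets"]
    result["byte_ratio"] = nbytes / base["bytes"]
    result["source_spike"] = sources / base["sources"] >= factor
    avg_size = nbytes / packets
    # Many packets that are much smaller than usual: packet-rate flood.
    if result["pkt_ratio"] >= factor and avg_size < base["avg_size"] / 2:
        result["kind"] = "pps"
    # Volume far above normal without shrinking packets: bandwidth flood.
    elif result["byte_ratio"] >= factor:
        result["kind"] = "bps"
    return result

BASE = baseline(GOOD_MINUTES)

if __name__ == "__main__":
    samples = {
        "quiet": (1_020_000, 610_000_000, 4_050),
        "small packets": (40_000_000, 2_560_000_000, 900_000),
        "large packets": (6_000_000, 8_400_000_000, 4_500),
    }
    for name, minute in samples.items():
        print(name, classify(minute, BASE))
```

In the small-packet sample the byte volume stays under the 5x threshold, so a volume-only alarm would stay silent while the packet-rate check fires.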