Cloudflare on Tuesday disclosed that it had acted to prevent a record-setting 26 million request per second (RPS) distributed denial-of-service (DDoS) attack last week, making it the largest HTTPS DDoS attack detected to date.
The web performance and security company said the attack was directed against an unnamed customer website using its Free plan and emanated from a “powerful” botnet of 5,067 devices, with each node generating approximately 5,200 RPS at peak.
The botnet is said to have created a flood of more than 212 million HTTPS requests within less than 30 seconds from over 1,500 networks in 121 countries, including Indonesia, the U.S., Brazil, Russia, and India. Roughly 3% of the attack came through Tor nodes.
The attack “originated mostly from Cloud Service Providers as opposed to Residential Internet Service Providers, indicating the use of hijacked virtual machines and powerful servers to generate the attack — as opposed to much weaker Internet of Things (IoT) devices,” Cloudflare’s Omer Yoachimik said.
images from Hacker News