Google Cloud has revealed that it blocked the largest distributed denial-of-service (DDoS) attack on record to date, peaking at 46 million requests per second (rps).

The June 1st attack targeted a Google Cloud customer using the Google Cloud Armor DDoS protection service.
During the 69-minute attack, the attackers bombarded the customer's HTTP/S Load Balancer with HTTPS requests, starting at 10,000 rps, escalating to 100,000 rps, before peaking at 46 million rps.
Google says it was the largest attack ever at Layer 7, referring to the application layer, the top layer of the OSI model.
The attack on the Google client was almost twice as large as an HTTPS DDoS attack on a Cloudflare customer in June, which peaked at 26 million rps. The Cloudflare attack was carried out by a relatively small botnet consisting of 5,067 devices in 127 countries.
The attack on the Google client was conducted over HTTPS, but the "HTTP Pipelining" technique was used to scale the rps. Google reported that the attack originated from 5,256 IP addresses in 132 countries.
"The attack used encrypted requests (HTTPS) which would have required additional computing resources to generate," Google said.

"Although termination of encryption was necessary to inspect traffic and effectively mitigate the attack, the use of HTTP Pipelining required Google to complete relatively few TLS handshakes."
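Because pipelining packs many requests behind each TLS handshake, a defence that only counts handshakes per client sees very little of such a flood, while requests per handshake stands out. The Python below is an added example, not Google's code or part of the announcement; the log format, the thresholds and the addresses are constructed assumptions.

```python
from collections import defaultdict

def make_sample_log():
    """Constructed sample: one (client_ip, tls_session_id) record per request.
    A distinct tls_session_id stands for one completed TLS handshake."""
    log = []
    # Ordinary client: 3 handshakes, 4 requests on each connection.
    for s in range(3):
        log += [("198.51.100.7", f"a{s}")] * 4
    # Pipelining client: only 2 handshakes, 500 requests on each connection.
    for s in range(2):
        log += [("203.0.113.9", f"b{s}")] * 500
    return log

def per_client_stats(log):
    """Count handshakes, requests and requests-per-handshake for each client."""
    sessions = defaultdict(set)
    requests = defaultdict(int)
    for ip, session_id in log:
        sessions[ip].add(session_id)
        requests[ip] += 1
    return {
        ip: {
            "handshakes": len(sessions[ip]),
            "requests": requests[ip],
            "req_per_handshake": requests[ip] / len(sessions[ip]),
        }
        for ip in requests
    }

def flag_clients(log, max_handshakes=10, max_req_per_handshake=100):
    """Return (clients over the handshake limit, clients over the ratio limit).
    Both limits are illustrative assumptions, not recommended values."""
    stats = per_client_stats(log)
    by_handshakes = sorted(ip for ip, s in stats.items()
                           if s["handshakes"] > max_handshakes)
    by_ratio = sorted(ip for ip, s in stats.items()
                      if s["req_per_handshake"] > max_req_per_handshake)
    return by_handshakes, by_ratio

if __name__ == "__main__":
    for ip, s in per_client_stats(make_sample_log()).items():
        print(ip, s)
    print(flag_clients(make_sample_log()))
```

On the constructed log, the handshake-count rule flags no one, while the requests-per-handshake rule flags only the pipelining client.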
Google said the geographic distribution and types of insecure services used to create the attack matched the Meris family of botnets. Mēris is an IoT botnet that appeared in 2021 and consists mainly of compromised MikroTik routers.
If you are interested in more details, read the announcement issued by Google about the event.
