The largest DDoS attack to date, peaking above 398M rps

751 points, posted by tomzur over 1 year ago

34 comments

dang, over 1 year ago
Related ongoing threads:

The novel HTTP/2 'Rapid Reset' DDoS attack - https://news.ycombinator.com/item?id=37830987

HTTP/2 Zero-Day Vulnerability Results in Record-Breaking DDoS Attacks - https://news.ycombinator.com/item?id=37830998
pythonguython, over 1 year ago
Who has an incentive to carry out these DDoS attacks? Why would anyone be willing to spend large amounts of money and develop a sophisticated attack against corporate cloud infrastructure? It seems like the only reasonable answer is foreign governments. But still what is the result - you inconvenience American tech companies and their customers for a few hours? This happens all the time, so clearly someone finds it worthwhile. Can anyone help me understand?
oldtownroad, over 1 year ago
At a previous company, we were subject to semi-frequent attacks (of a much smaller scale). The operating assumption internally was that it’s a competitor trying to undermine us but it remains a mystery.

Anyone involved in these types of attacks (at internet-infrastructure scale or targeting specific companies) brave/crazy enough to create a throwaway account and tell HN about the motivations?
dduarte, over 1 year ago
Same attack on Cloudflare: https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
glenngillen, over 1 year ago
> We noticed these attacks at the same time two other major industry players — Google and AWS — were seeing the same.

Curious if there's anyone in the HN crowd that works at this level in one of the major vendors. What happens during an attack of this scale? Are there people from Cloudflare + Google + AWS on a live videoconference call co-ordinating with each other in real-time to mitigate it? Or is each vendor mostly observing from a distance what is happening elsewhere, and solely focussed on sorting their own problems out?
sph, over 1 year ago
How does DDoS mitigation work? When people say "I put my website behind Cloudflare to mitigate DDoSes", what does it mean exactly?

Is it only about having a large enough ingress pipe that you can weather however many Gb/s you are being bombarded with, and still having some spare capacity for legitimate traffic?
adzm, over 1 year ago
Linked in this article is more info on the rapid reset feature of HTTP2 which was used as part of the DDoS: https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
ricardobeat, over 1 year ago
No word on the origin of these attacks? This must require massive amounts of hardware, you’d imagine it to be easily traceable unless some kind of botnet.
dominicdoty, over 1 year ago
Couldn't Cloudflare show a page to the next handful of HTTP requests from an IP informing the user that "something on your network is participating in DDoS attacks"?

All the big providers could do this, just inject a little turnstile like page in front of the next Cloudflare site you visit.

I would love to know if there's a compromised device on my network, and I don't have any real monitoring set up to detect it.

It's not a full solution, but at least informing users there is a problem is a good start.
tuananh, over 1 year ago
Cloudflare blog: https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
mihaic, over 1 year ago
The fact that large cloud providers can handle huge DDoS attacks I think in the long run leads to a worse internet. It forces botnets to up their game and for websites the only solutions available are to pay Google, Amazon or Cloudflare a protection tax.

I honestly don't see any other options, but I'd really wish for them to come through some community coordinated list of botnet infected IPs or something.
tommica, over 1 year ago
Sorry, I forgot to break out of my while loop
metalrain, over 1 year ago
So given that minimum size of HTTP request is something under 32 bytes, some sources say 18 bytes but let's be generous here HTTP can be complex. In theory I could send 4M requests in a second with 1 Gbps connection. 1 Tbps total connection capacity could do close to 4.3B rps given perfect distribution.

I imagine distributing the load becomes harder/more expensive the bigger the scale. In a real network you probably have to find the paths that don't slow you down and then strike for a short time before you are banned.

Cloudflare has made a post about mitigating 2 Tbps DDoS in 2021, so in real attacks request sizes aren't quite that optimal.
1vuio0pswjnm7, over 1 year ago
"In the end, H2 [HTTP/2] is not much robust but each implementation has certain possibilities to cover some of the limitations and these differ due to many architectural constraints."

"The good point in this is that this will probably make more people want to reconsider H3/QUIC [HTTP/3] if they don't trust their products anymore :-)"

https://www.mail-archive.com/haproxy@formilux.org/msg44136.html
codedokode, over 1 year ago
Such attacks are possible because ISPs do not want to adopt a protocol that would allow any host to send a special packet to block malicious traffic on the upstream provider or even at the source network. In this case networks like Cloudflare would become unnecessary.
SigmundurM, over 1 year ago
AWS blog: https://aws.amazon.com/blogs/security/how-aws-protects-customers-from-ddos-events/
Aissen, over 1 year ago
Interestingly, the CVE is still "reserved": https://nvd.nist.gov/vuln/detail/CVE-2023-44487 .
MuffinFlavored, over 1 year ago
How large of a “botnet” did it take to cause 398M rps?
phendrenad2, over 1 year ago
Any info on where these attacks originate? I'm guessing it's hacked routers and IoT devices. I wonder if it's time for governments to start giving IoT vendors "DDoS scores" and mandating that they appear on the label.
datadeft, over 1 year ago
398 million requests per second is really the largest DDOS attack to date?
icing0, over 1 year ago
You can send thousands of such Request+RST to an Apache httpd per connection, but it will only work on 2 of them at a time.

We are an old server. You have to be nice to us before we do more for you. -.-
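Added example, not part of the thread and not any server's actual code: a defender-side sketch of a per-connection budget for the Request+RST pattern discussed here, counting client RST_STREAM frames that cancel a request before its response has started. The frame tuple layout, the threshold values and the sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000       # sliding window length (assumed tuning value)
MAX_EARLY_RESETS = 5   # early cancels tolerated per window (assumed)

def find_reset_floods(frames, window=WINDOW_MS, limit=MAX_EARLY_RESETS):
    """Return {conn: time_ms} for connections that exceed the cancel budget.

    frames: time-ordered (t_ms, conn, sender, frame_type, stream_id) tuples.
    An "early reset" is a client RST_STREAM on a stream whose request was
    sent but whose response has not started yet.
    """
    pending = defaultdict(set)   # conn -> streams awaiting a response
    resets = defaultdict(deque)  # conn -> times of recent early resets
    flagged = {}
    for t, conn, sender, ftype, sid in frames:
        if conn in flagged:
            continue  # a real server would already have closed it
        if ftype == "HEADERS":
            if sender == "client":
                pending[conn].add(sid)
            else:
                pending[conn].discard(sid)  # response started
        elif ftype == "RST_STREAM" and sender == "client" and sid in pending[conn]:
            pending[conn].discard(sid)
            recent = resets[conn]
            recent.append(t)
            while t - recent[0] > window:
                recent.popleft()
            if len(recent) > limit:
                flagged[conn] = t
    return flagged

def sample_frames():
    """Constructed frame log: conn A browses normally, conn B floods."""
    frames = [
        (0, "A", "client", "HEADERS", 1), (40, "A", "server", "HEADERS", 1),
        (100, "A", "client", "HEADERS", 3), (120, "A", "client", "RST_STREAM", 3),
        (500, "A", "client", "HEADERS", 5), (560, "A", "server", "HEADERS", 5),
    ]
    for i in range(20):  # 20 request+reset pairs, 2 ms apart
        t, sid = 200 + 2 * i, 2 * i + 1
        frames += [(t, "B", "client", "HEADERS", sid),
                   (t + 1, "B", "client", "RST_STREAM", sid)]
    return sorted(frames, key=lambda f: f[0])

if __name__ == "__main__":
    print(find_reset_floods(sample_frames()))
```

Connection A's single cancel stays within the budget; connection B is flagged on its sixth early reset inside the window.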
sidcool, over 1 year ago
I am impressed by both parties, from a tech perspective. The attackers who exploited HTTP2, and Google that mitigated it.

How did Google mitigate it exactly? Is there a technical deep dive?
nancyp, over 1 year ago
Is there a chance that these cloud ddos service providers are attacking each other or themselves to create PR opportunities?
endisneigh, over 1 year ago
Wonder how you could even handle this if you weren’t using a big cloud provider and didn’t have a lot of money to spend.
luckystarr, over 1 year ago
Should Google actually provide the DDoS initiators with debug information like this graph? Just thinking...
theanonymousone, over 1 year ago
Novice here. Should I seek the patch from the web application framework I use (e.g. Jetty, Spring Boot)?
qaq, over 1 year ago
Hmm wasn't there like 3.47Tbps attack on MS that's prob about same magnitude
AtNightWeCode, over 1 year ago
This is just Google bs. There is no way in hell they can't mitigate anything at the edge of this nature. If this was a real problem it most likely originated from within GCP. The article does not even state where the traffic comes from.

EDIT: Ok, so this was a 0-day issue. Then it all makes more sense. Sorry.
jruohonen, over 1 year ago
So is this a new world record?
narag, over 1 year ago
Any clue who was the target?

Can such an attack be performed with botnets?
2OEH8eoCRo0, over 1 year ago
Who was the target?!
mjan22640, over 1 year ago
As elections are getting closer, the public needs to be primed for adversary attacks and disinformation.
mgaunard, over 1 year ago
398M rps means a request every 2.5ns.

Most likely the figure is incorrect, or at least misleading.
ChumpGPT, over 1 year ago
Cut China, North Korea, Iran and Russia off from the Internet and problem solved. It will be difficult but it can be done.