Left Menu
Development News Edition

Google absorbed record-breaking 2.5 Tbps DDoS attack in September 2017

Google recommends individual users to ensure their computers and IoT devices are patched and secured. On the other hand, businesses are recommended to report criminal activity, ask their network providers to trace the sources of spoofed attack traffic and share information on attacks with the internet community in a way that doesn't provide timely feedback to the adversary.

Devdiscourse News Desk | California | Updated: 17-10-2020 12:37 IST | Created: 17-10-2020 12:34 IST
Google absorbed record-breaking 2.5 Tbps DDoS attack in September 2017
(Representative Image) Image Credit: Flickr

Google on Friday revealed that its infrastructure absorbed a 2.5 Tbps DDoS (distributed denial-of-service) attack in September 2017, a record-breaking UDP amplification attack sourced out of several Chinese internet service providers (ISPs).

According to the search giant, the 2017 attack was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier and it remains the highest-bandwidth attack reported to date.

"Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack. Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact," Damian Menscher, Security Reliability Engineer at Google Cloud wrote in a blog post.

The attackers used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us, demonstrating the volumes a well-resourced attacker can achieve, Menscher added.

Even though the DDoS attack didn't cause any impact, Google says it reported thousands of vulnerable servers to their network providers and also worked with them to trace the source of the spoofed packets so they could be filtered.

Further, the post highlighted some innovative ways to defend against these advanced attacks. For instance, customers can deploy Google Cloud Armor to protect their websites and applications from exploit attempts as well as distributed denial-of-service (DDoS) attacks. Further, Cloud Armor WAF provides built-in rules for common attacks as well as the ability to deploy custom rules to drop abusive application layer requests using a broad set of HTTP semantics.

Google recommends individual users to ensure that their computers and IoT devices are patched and secured. On the other hand, businesses are recommended to report criminal activity, ask their network providers to trace the sources of spoofed attack traffic and share information on attacks with the internet community in a way that doesn't provide timely feedback to the adversary.


TRENDING

OPINION / BLOG / INTERVIEW

New farm bills in India: Focusing on farms or farmers?

... ...

Kenya’s COVID-19 response: Chaos amid lack of information

Confusing numbers and scanty information on how effective curfews and lockdowns have been in breaking transmission have amplified coordination and planning challenges in Kenyas response to COVID-19. Without accurate data, it is impossible t...

Farkhad Akhmedov: Calculating the price of impunity from the law

In insistences such as the battle over the Luna, Akhmedov has resorted to extreme legal machinations to subvert the High Courts decision and keep his assets from being seized. ...

Guinea’s elections hearken back to the autocracy and violence of its past

... ...

Videos

Latest News

U.S. may file antitrust charges against Facebook as soon as November - newspaper

Facebook Inc may face U.S. anti-trust charges as soon as November, the Washington Post reported on Friday, citing four people familiar with the matter.The Federal Trade Commission met privately on Thursday to discuss a probe while state att...

Texas may not limit ballot drop boxes for U.S. election -appeals court

A Texas appeals court on Friday ruled the Republican governor cannot limit drop-off sites for mail ballots to one per county, a setback for U.S. President Donald Trump. Upholding a lower court decision, the appeals court ruled against Texas...

Navy aircraft crashes in Alabama; extent of injuries unclear

A US Naval aircraft crashed Friday in Alabama, authorities said. The Baldwin County Sheriffs Office tweeted that the crash occurred in Magnolia Springs, which is southeast of Mobile, near the Gulf Coast. They did not immediately release inf...

Bolivia's Arce pledges to "rebuild" as landslide election win confirmed

Bolivias President-elect Luis Arce pledged on Friday to rebuild the Andean country after a tumultuous year of political turmoil and the pandemic, as the official vote count confirmed a landslide win for his socialist party. The final tally ...

Give Feedback