Google blocked a series of HTTPS distributed denial-of-service (DDoS) attacks peaking at 46 million requests per second on 1 June.
“This is the largest Layer 7 DDoS reported to date — at least 76% larger than the previously reported record,” Google said.
Google said DDoS attacks could degrade performance and user experience, increase operating and hosting costs, and lead to the complete unavailability of mission-critical workloads.
The attack started at 10,000 requests per second (rps), jumping to 100,000 after eight minutes.
Within another two minutes, the attack skyrocketed to 46 million rps. The attack lasted 69 minutes.
“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds.”
Google said 5,256 Internet Protocol addresses (IPs) from 132 countries contributed to the attack.
“Approximately 22% (1,169) of the source IPs corresponded to Tor exit nodes, although the request volume coming from those nodes represented just 3% of the attack traffic.”
“Even at 3% of the peak (greater than 1.3 million rps) our analysis shows that Tor exit-nodes can send a significant amount of unwelcome traffic to web applications and services.”
Google said the geographic distribution and types of unsecured services used in generating the attack match the Mēris family of attacks.
“Known for its massive attacks that have broken DDoS records, the Mēris method abuses unsecured proxies to obfuscate the true origin of the attacks,” Google said.
Another noteworthy characteristic of the attack is that it used encrypted (HTTPS) requests.
These would have taken additional computing resources to generate, Google stated.
“Although terminating the encryption was necessary to inspect the traffic and effectively mitigate the attack, the use of HTTP Pipelining required Google to complete relatively few TLS handshakes.”
Cloudflare reported the previous record-holding DDoS attack in mid-June — a 26 million rps attack.
The botnet responsible for the attack was named Mantis, after the Mantis Shrimp’s powerful blows belied by its small build.