Imperva mitigated a SYN flood DDoS attack against one of its clients that exceeded 500 million packets per second, this is the largest ever.



Earlier this month, the cyber security software and services company Imperva mitigated an attack against one of its clients that exceeded 500 million packets per second. This attack was a SYN flood DDoS and it is the largest DDoS attack by packet volume ever observed.

The attacker sent both a flood of normal SYN packets and a large SYN flood

using two previously known tools.

The attacker used highly randomized and likely spoofed set of source ports and addresses to send packets of between 800 and 900 bytes.

Normal SYN packets allow to saturate the target resources, while larger packets saturate the network.

According to the experts, the two tools used in the attack were developed by two different individuals, and the attacker combined them in the January attack.

“When we investigated, we realized the attack wasn’t generated using new tools, but two common older ones: one for the syn attack and the other for the large syn attack. Although both tools try to mimic legitimate operating systems, there are some odd, suspicion-raising differences.” reads the report published by Imperva.

“One possible hypothesis is that these tools, although used in the same attack, were written by two different individuals and then combined to form an arsenal and launch the most intensive DDoS attack against Network infrastructure in the history of the Internet. “

Experts pointed out that the most important factor to evaluate the magnitude of a DDoS attack are the Packets per second (PPS).M

The mitigation of DDoS attacks involving very high PPS is very hard because of the computer processing power required to evaluate every single packet.

Network appliances mostly evaluate the headers of every packet and only in a limited number of case they inspect the full payload. Their limiting factor is the packet rate, not the packet size.

Since today, the 2018 GitHub DDoS attack that peaked 1.35 Tbs is considered the largest-ever distributed denial of service. or instance. Its traffic was mainly composed of large packets sent from the same port from different servers at a relatively low PPS rate of around 129.6 million.

The attack observed by Imperva this month was nearly four times in terms of the number of packets being sent from random sources.

The good news is that high PPS attacks are difficult to generate because they require more computational resources.

Pierluigi Paganini

( SecurityAffairs – DDoS, hacking)

Share this...

Linkedin Reddit Pinterest

Share On