The hosting provider OVH continues to face massive DDoS attacks launched by a botnet composed at least of 150000 IoT devices.

Last week, the hosting provider OVH faced 1Tbps DDoS attack, likely the largest one ever seen. The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter sharing an image that lists the multiple sources of the attack. “Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are close to 1Tbps !” said Klaba. Klaba explained that the servers of its company were hit by multiple attacks exceeding 100 Gbps simultaneously concurring at 1 Tbps DDoS attack. One of the attacks documented by the OVH reached 93 MMps and 799 Gbps.

Klaba speculated the attackers used an IoT botnet composed also of compromised CCTV cameras. Now we have more information on the

Now Klaba added further information on the powerful DDoS attacks, the CTO of the OVH claimed that the botnet used by attackers is powered by more than 150,000 Internet of Things (IoT) devices, including cameras and DVRs.

The overall botnet is capable of launching attacks that exceed 1.5 Tbps.

This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS. Type: tcp/ack, tcp/ack+psh, tcp/syn. — Octave Klaba / Oles (@olesovhcom) 23 settembre 2016

The bad news for the OVH company is that attacks are still ongoing and the size of the botnet is increasing.

“+6857 new cameras participated in the DDoS last 48H.” added Klaba.

The company was targeted by various types of traffic, including Generic Routing Encapsulation (GRE) traffic, a novelty in the DDoS landscape.

Unfortunately, such kind of DDoS attacks will be even more frequent, it is too easy for hackers gain control of poorly configured, or vulnerable, IoT devices.

Last week experts observed another massive DDoS that targeted the website of the popular cyber security expert Brian Krebs. Krebsonsecurity was targeted by a DDoS attack of 665 Gbps.

The attacks against OVH and Krebsonsecurity are the largest ones reported so far.

Pierluigi Paganini

(Security Affairs – 1 Tbps DDoS attack, IoT)

Share this...

Linkedin Reddit Pinterest

Share On