Google Cloud confirms that it recently repelled the largest DDoS attack. According to the cloud giant, the attack was quickly detected and blocked at the edge of Google’s network. The client was therefore not affected.
Google Cloud, victim of the largest Layer 7 DDoS attack
So far, the DDoS attack reported by Cloudflare registers as the largest of all time. However, towards the beginning of June, Google Cloud notably perceived a layer 7 DDoS attack even bigger.
Emil Kiner, Senior Product Manager at Google and Satya Konduru, CTO at Google described this terrible attack as follows. “To give an idea of the scale of the attack, it’s like receiving all the daily queries to Wikipedia in just 10 seconds. In fact, a distributed attack starting at 10,000rps started targeting a Google Cloud HTTP/S load balancer. It first went to 100,000rps and eventually peaked at 46 million rps. Besides, it was only in a few minutes.
Google used Cloud Amor Adaptive Protection to detect and analyze traffic at the very beginning of the attack. So it alerted the client with a protection rule before the attack reached its maximum size. Based on comments from the Senior Director of Engineering at Tellius, Cloud Amor should be an integral part of any architecture, especially for the SaaS offering.
Some details about the attack
Kiner and Konduru provide some details about how the attack happened. According to them, 5256 source IP addresses from 132 countries contributed to the attack. About 22% of the source IPs apparently corresponded to Tor exit nodes. And this, even if the volume of requests from these nodes represents only 3% of the traffic. Furthermore, the geographical distribution and types of insecure services behind this Google attack belong to the Meris family. The Meris method is well known for its massive attacks that break DDos records. In fact, it abuses insecure proxies to hide the true origin of attacks.
According to Google Cloud, the attack ended after 69 minutes. That’s probably when the striker could realize that he not only didn’t get the impact he wanted. But also, that he has incurred considerable expenses with this.
The name of the targeted Google Cloud customer was not disclosed. Fortunately, with the help of Cloud Amor and the initiatives taken in time, this attack by Google had no impact on him.