French Cloud Company OVHcloud Hit by Record 840 Million PPS DDoS Attack

French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps).

This is just above the previous record of 809 Mpps, reported by Akamai as targeting a large European bank in June 2020.

The 840 Mpps DDoS attack is said to have been a combination of a TCP ACK flood that originated from 5,000 source IPs and a DNS reflection attack leveraging about 15,000 DNS servers to amplify the traffic.

“While the attack was distributed worldwide, 2/3 of total packets entered from only four [points of presence], all located in the U.S. with 3 of them being on the west coast,” OVHcloud noted. “This highlights the capability of the adversary to send a huge packet rate through only a few peerings, which can prove very problematic.”

The company said it has observed a significant uptick in DDoS attacks in terms of both frequency and intensity starting in 2023, adding that attacks reaching above 1 terabit per second (Tbps) have become a regular occurrence.

“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week),” OVHcloud’s Sebastien Meriot said. “The highest bit rate we observed during that period was ~2.5 Tbps.”

Unlike typical DDoS attacks that rely on sending a flood of junk traffic to targets with an aim to exhaust available bandwidth, packet rate attacks work by overloading the packet processing engines of networking devices close to the destination, such as load balancers.

Data gathered by the company shows that DDoS attacks leveraging packet rates greater than 100 Mpps have increased sharply over the same time period, with many of them emanating from compromised MikroTik Cloud Core Router (CCR) devices. As many as 99,382 MikroTik routers are accessible over the internet.

These routers, besides exposing an administration interface, run on outdated versions of the operating system, making them susceptible to known security vulnerabilities in RouterOS. Threat actors are suspected of weaponizing the operating system’s Bandwidth test feature to pull off the attacks.

It’s estimated that even hijacking 1% of the exposed devices into a DDoS botnet could theoretically give adversaries enough capabilities to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).

It bears noting at this stage that MikroTik routers have been leveraged for building potent botnets such as Mēris and even used for launching botnet-as-a-service operations.

“Depending on the number of compromised devices and their actual capabilities, this could be a new era for packet rate attacks: with botnets possibly capable of issuing billions of packets per second, it could seriously challenge how anti-DDoS infrastructures are built and scaled,” Meriot said.

References

[1] https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html

Original article by 速盾高防cdn. If you repost it, please credit the source: https://www.sudun.com/ask/93402.html
