French cloud computing firm OVHcloud said it mitigated a record-breaking distributed denial-of-service (DDoS) attack in April 2024 that reached a packet rate of 840 million packets per second (Mpps).
This is just above the previous record of 809 Mpps (809 million packets per second), which Akamai reported in June 2020 for an attack against a large European bank.
The 840 Mpps DDoS attack is said to have been a combination of a TCP ACK flood that originated from 5,000 source IPs and a DNS reflection attack leveraging about 15,000 DNS servers to amplify the traffic.
“While the attack was distributed worldwide, 2/3 of total packets entered from only four [points of presence], all located in the U.S. with 3 of them being on the west coast,” OVHcloud noted. “This highlights the capability of the adversary to send a huge packet rate through only a few peerings, which can prove very problematic.”
The company said it has observed a significant uptick in DDoS attacks in terms of both frequency and intensity starting 2023, adding those reaching above 1 terabit per second (Tbps) have become a regular occurrence.
“In the past 18 months, we went from 1+ Tbps attacks being quite rare, then weekly, to almost daily (averaged out over one week),” OVHcloud’s Sebastien Meriot said. “The highest bit rate we observed during that period was ~2.5 Tbps.”
Unlike typical DDoS attacks that rely on sending a flood of junk traffic to targets with an aim to exhaust available bandwidth, packet rate attacks work by overloading the packet processing engines of networking devices close to the destination, such as load balancers.
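That distinction matters for detection: a packet-rate flood shows up as a spike in packets per second made of tiny packets, while a bandwidth flood shows up in bits per second. The following Python classifier is an added example, not code from OVHcloud or from the article; the per-second telemetry format, the sample records and the alert thresholds are all assumptions constructed for the illustration.

```python
from collections import defaultdict

# Alert thresholds are assumptions for this example, not figures from the article.
PPS_ALERT = 50_000_000        # 50 Mpps: where packet-processing engines start to strain
BPS_ALERT = 100_000_000_000   # 100 Gbps: link-saturation territory
SMALL_PKT = 100               # bytes; a TCP ACK flood is made of ~60-byte packets

# Constructed per-second telemetry (hypothetical format, not OVHcloud's):
# second src_ip proto src_port packets bytes
SAMPLE = """\
0 203.0.113.10 tcp 40000 30000000 1800000000
0 203.0.113.11 tcp 40001 28000000 1680000000
0 192.0.2.53   udp 53    3000000 15000000000
1 203.0.113.10 tcp 40000 31000000 1860000000
1 192.0.2.53   udp 53    2500000 13000000000
"""

def aggregate(text):
    """Sum packets and bytes per (second, traffic component)."""
    totals = defaultdict(lambda: [0, 0])
    for line in text.splitlines():
        if not line.strip():
            continue
        sec, _src, proto, sport, pkts, nbytes = line.split()
        # TCP floods form one component; UDP is keyed by source port so that
        # reflected DNS answers (sport 53) stand apart from other UDP traffic.
        comp = "tcp-ack" if proto == "tcp" else f"udp/{sport}"
        totals[(int(sec), comp)][0] += int(pkts)
        totals[(int(sec), comp)][1] += int(nbytes)
    return totals

def label(pkts, nbytes):
    """Packet-rate flood: huge pps with tiny packets. Bandwidth flood: huge bps."""
    avg = nbytes / pkts
    if pkts >= PPS_ALERT and avg < SMALL_PKT:
        return "packet-rate flood"
    if nbytes * 8 >= BPS_ALERT:
        return "bandwidth flood"
    return "normal"

def analyze(text):
    """Return {second: {component: {mpps, gbps, avg_bytes, label}}}."""
    report = defaultdict(dict)
    for (sec, comp), (pkts, nbytes) in aggregate(text).items():
        report[sec][comp] = {"mpps": pkts / 1e6, "gbps": nbytes * 8 / 1e9,
                             "avg_bytes": nbytes / pkts, "label": label(pkts, nbytes)}
    return dict(report)

if __name__ == "__main__":
    for sec, comps in sorted(analyze(SAMPLE).items()):
        for comp, r in comps.items():
            print(f"t={sec}s {comp:8} {r['mpps']:6.1f} Mpps {r['gbps']:6.1f} Gbps "
                  f"avg {r['avg_bytes']:.0f} B -> {r['label']}")
```

On the constructed sample, the TCP component at t=0 trips the packet-rate rule at 58 Mpps with 60-byte packets while carrying under 30 Gbps, and the DNS component trips the bandwidth rule with large packets at a low packet rate; a bits-per-second alarm alone would miss the first one.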
Data gathered by the company shows that DDoS attacks leveraging packet rates greater than 100 Mpps have witnessed a sharp increase for the same time period, with many of them emanating from compromised MikroTik Cloud Core Router (CCR) devices. As many as 99,382 MikroTik routers are accessible over the internet.
Besides exposing an administration interface, these routers run outdated versions of the operating system, leaving them susceptible to known security vulnerabilities in RouterOS. Threat actors are suspected of abusing the operating system's Bandwidth test feature to carry out the attacks.
It’s estimated that even hijacking 1% of the exposed devices into a DDoS botnet could theoretically give adversaries enough capabilities to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).
It's worth noting that MikroTik routers have previously been leveraged to build potent botnets such as Mēris and have even been used to run botnet-as-a-service operations.
“Depending on the number of compromised devices and their actual capabilities, this could be a new era for packet rate attacks: with botnets possibly capable of issuing billions of packets per second, it could seriously challenge how anti-DDoS infrastructures are built and scaled,” Meriot said.
References
[1]https://thehackernews.com/2024/07/ovhcloud-hit-with-record-840-million.html
Original article by 速盾高防cdn; if reproduced, please credit the source: https://www.sudun.com/ask/93402.html