At the end of last week, Google slipped out a blog post that probably went under the radars of some folks.
In it, they revealed that they had mitigated against the largest known distributed denial-of-service (DDoS) attack, when its infrastructure blocked a whopping 2.5 Tbps (Terabits per second) attack.
That’s huge. In fact, “huge” hardly seems the right adjective for the scale of attack.
To put it in some context, the notorious DDoS onslaught wrought by the Mirai IoT botnet in 2016, which attacked managed DNS service Dyn and left surfers struggling to to reach some of the world’s most well-known websites – including Twitter, Spotify, Github, Reddit and AirBnB – was measured at 623 Gbps.
And when GitHub suffered a DDoS attack in 2018, that peaked at some 1.35 terabits per second.
Google’s announcement last week of the 2.5 Tbs DDoS attack it mitigated means that we now have a new candidate for the biggest DDoS attack in history:
Our infrastructure absorbed a 2.5 Tbps DDoS in September 2017, the culmination of a six-month campaign that utilized multiple methods of attack. Despite simultaneously targeting thousands of our IPs, presumably in hopes of slipping past automated defenses, the attack had no impact. The attacker used several networks to spoof 167 Mpps (millions of packets per second) to 180,000 exposed CLDAP, DNS, and SMTP servers, which would then send large responses to us.
You know what I find interesting? That Google has only told us now, three years later, about the biggest DDoS attack in history. I wonder why it hasn’t mentioned it before.
For now, until someone reveals they have measured a larger incident but have chosen to keep schtum about it, this September 2017 incident stands as the highest-bandwidth DDoS attack ever reported.