Tens of millions. It is the number ofreceived daily by Wikipedia, one of the most visited sites in the world. It’s astronomical but the encyclopedia has the and the suitable for supporting such increases in load. This is the example given by Google after countering .
It was at the beginning of June, and it is only today that the firm decided to lift the veil on this attack which affected a client of. That day, Google blocked a so-called ” (DDoS) whose throughput has reached 46 million HTTPS requests per second!
“ This is the largest Layer 7 DDoS attack reported to date, at least 76% higher than the previous recordexplains a Google engineer. To give an idea of the scale of the attack, this is equivalent to receiving all daily requests from Wikipedia (one of the 10 most visited websites in the world) in just 10 seconds.. »
Perhaps most impressively, Google managed to thwart this attack. For this, the target customer had already configured the ” Adaptive protection in its security policy“. A method of establishing a baseline of normal traffic patterns for its service. As a result, this protection, which acts as a , was able to detect the DDoS attack early in its lifecycle, analyze its incoming traffic, and generate an alert with a recommended protection rule. All before the attack escalates. It all happens in seconds.
To limit the scale of the attack, the protection tool automatically throttled the flow, and Google explains that the customer preferred to “throttle” the attack rather than “deny” it. Why ? This method therefore reduces the impact on legitimate incoming traffic, while isolating malicious requests. Clearly, the client’s server, whose name was never mentioned, was never “unreachable” as is generally the case with.
Attacks from 132 countries
Google also explains that before deploying this “rule”, it was first deployed in preview mode. The customer was thus able to verify that only unwanted traffic would be refused and that legitimate users could continue to access the service. When the attack reached its peak of 46 million rps (requests per second), Cloud Armor’s suggested rule was already in place to block the bulk of the attack and ensure that theand targeted services remain available.
What undoubtedly made the task easier was that the number ofat the origin of the attacks was ultimately not so high. Google counted less than 6,000 from 132 countries, four of which accounted for nearly a third of the attacks. By blocking them, the client was able to quickly limit their impact.