Another 100 Gigabit DDoS Attack Strikes — This Time Unreflected 93
darthcamaro writes "In March of this year, we saw the first ever 100 Gigabit DDoS attack, which was possible due to a DNS Reflection Amplification attack. Now word is out that a new 100 Gigabit attack has struck using raw bandwidth, without any DNS Reflection. 'The most outstanding thing about this attack is that it did not use any amplification, which means that they had 100 Gigabits of available bandwidth on their own,' Incapsula co-founder Marc Gaffan said. 'The attack lasted nine hours, and that type of bandwidth is not cheap or readily available.'"
Incapsula (Score:5, Informative)
Seriously...this reads like a brochure for Incapsula's services lol
no real verifiable info but plenty of product plug (Score:5, Informative)
The worst example of advertisement through press release in recent memory.
At least on slashdot.
Re:How much bandwidth is that? (Score:5, Informative)
The attack peaked at 100 Gigabits per second
The webhost (actually a CDN) had 400 Gigabits of total bandwidth available + various DDOS protections in place.
RTFA
Re:How much bandwidth is that? (Score:3, Informative)
The "p" in "Gbps" is "per", that is "/". Therefore "Gbps/s" is "Gb/s^2", which would be a data rate acceleration. "100Gbps/s" would mean that every second, another 100 Gb/s were added to the data stream. Doing that for 9 hours would be quite impressive.
Re:I can't get one thing (Score:4, Informative)
The article suggests it was a "Distributed attack"
the victim of the attack is remaining in the shadows, not wanting to be publicly identified. The target Website is protected by cloud security vendor Incapsula, which was able to withstand the massive distributed denial-of-service (DDoS) attack and keep the targeted Website up and running.
which means it must have bounced off of some botnet used some means of amplifying the attack and make it appear to come from different targets. Had it not been so, they would know exactly where it came from.
Perhaps judging from the number of different sources, and the type of packets, they can calculate the number of control packets needed.
If they know it required a one-for-one ratio of control packets to target packets, that is what they mean by un-amplified.
But it doesn't mean they came via the same route.
Re:Incapsula (Score:5, Informative)
We are an Incapsula customer and I can tell you we were NOT "completely unaffected". We experienced about an hour total of complete down time and several hours of slow response. Our servers were unloaded - no problems when bypassing Incapsula. So I guess they protected us from "that" but in the meantime all sites were unreachable. Though different ISPs had different levels of slowness at different times (trying our two different office connections and three different mobile networks).