Earlier this month, the
The attacker sent both a flood of normal SYN packets and a large SYN flood
using two previously known tools.
The attacker used a highly randomized and likely spoofed set of source ports and addresses to send packets of between 800 and 900 bytes.
Normal SYN packets saturate the target's resources, while the larger packets saturate the network.
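As an added example (not code from Imperva or from the original article), the sketch below shows how a defender could separate the two components described above in a packet capture: bare SYNs at a high packet rate, oversized SYNs of 800 bytes or more, and near-unique source address and port pairs. The record layout, the thresholds and the sample capture are assumptions constructed for illustration.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10
LARGE_SYN_BYTES = 800     # article: flood SYNs were 800-900 bytes; a normal SYN has no payload
SYN_PPS_ALERT = 500       # assumed threshold for small SYNs per second
LARGE_PPS_ALERT = 100     # assumed threshold for oversized SYNs per second
SPOOF_RATIO_ALERT = 0.9   # assumed: ~one unique (addr, port) per SYN suggests randomization


def profile(packets, window=1.0):
    """Aggregate connection-opening SYNs per time window."""
    buckets = defaultdict(lambda: {"syn": 0, "large": 0, "bytes": 0, "sources": set()})
    for ts, src, sport, flags, length in packets:
        if flags & SYN and not flags & ACK:        # skip SYN/ACK replies
            b = buckets[int(ts // window)]
            b["syn"] += 1
            b["bytes"] += length
            b["large"] += int(length >= LARGE_SYN_BYTES)
            b["sources"].add((src, sport))
    return buckets


def classify(b, window=1.0):
    """Return the set of flood components visible in one window."""
    labels = set()
    if (b["syn"] - b["large"]) / window >= SYN_PPS_ALERT:
        labels.add("syn-flood")                    # packet-rate pressure on the target
    if b["large"] / window >= LARGE_PPS_ALERT:
        labels.add("large-syn-flood")              # bandwidth pressure on the network
    if labels and len(b["sources"]) / b["syn"] >= SPOOF_RATIO_ALERT:
        labels.add("randomized-sources")
    return labels


def sample_capture():
    """Constructed records (ts, src, sport, flags, ip_len): second 0 benign, second 1 mixed flood."""
    pkts = [(0.1 * i, "198.51.100.7", 40000 + i, SYN, 60) for i in range(5)]
    pkts.append((0.05, "198.51.100.9", 443, SYN | ACK, 60))
    for i in range(1000):                          # small SYNs, every source unique
        pkts.append((1.0 + i / 2000, f"10.0.{i // 256}.{i % 256}", 1024 + i, SYN, 60))
    for i in range(400):                           # oversized SYNs, 800-899 bytes
        pkts.append((1.5 + i / 1000, f"172.16.{i // 256}.{i % 256}", 2000 + i, SYN, 800 + i % 100))
    return pkts


if __name__ == "__main__":
    for sec, b in sorted(profile(sample_capture()).items()):
        print(sec, b["syn"], "SYN/s", b["bytes"] * 8, "bit/s", sorted(classify(b)))
```

Tracking packets per second and bits per second separately matters because the small SYNs dominate the first figure while the oversized ones dominate the second.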
According to the experts, the two tools used in the attack were developed by two different individuals, and the attacker combined them in the January attack.
“When we investigated, we realized the attack wasn’t generated using new tools, but two common older ones: one for the
“One possible hypothesis is that these tools, although used in the same attack, were written by two different individuals and then combined to form an arsenal and launch the most intensive DDoS attack against network infrastructure in the history of the Internet.”
Experts pointed out that the most important factor to evaluate the magnitude of a DDoS attack
The mitigation of DDoS attacks involving very high PPS is very hard because of the computer processing power required to evaluate every single packet.
To date, the 2018 GitHub DDoS attack, which peaked at 1.35 Tbps, is considered the largest-ever distributed denial of service attack. Its traffic was mainly composed of large packets sent from the same port from different servers at a relatively low PPS rate of around 129.6 million.
The attack observed by Imperva this month was nearly four times in terms of the
The good news is that high PPS attacks are difficult to generate because they require more computational resources.