Analysis of two high-volume DDoS attacks show they’re becoming more difficult to remediate with changes to port and address strategies.
On Jan. 10, a distributed denial-of-service (DDoS) attack peaked at 500 million packets per second. Depending on precisely how you measure such things, this was likely one of the largest DDoS attacks ever — until April 30, when it was surpassed by an attack that hit 580 packets per second.
According to Imperva, the company that detected and mitigated the attacks, the January attack was a syn flood coupled with a large syn flood, each of which was launched with randomized source addresses and ports.
In a blog post, researchers at Imperva contrasted the two attacks with the 2018 Github DDoS attack — a memcached amplification attack that reached 1.35 terabits per second, most of which were in large packets with a single source port and originating service address.