Google Fends Off Record-Breaking DDoS Attack

pcmag.com:

Google says it recently fended off the largest HTTPS DDoS attack in history from taking down a customer’s internet services hosted over Google Cloud. 

The incident occurred on June 1, and resulted in an DDoS attack that peaked at 46 million requests per seconds using HTTPS-based requests. “This is the largest Layer 7 DDoS reported to date,” according to Google product manager Emil Kiner and technical lead Satya Konduru.

“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” they added. 

The attack was also about 76% more powerful than the 26 million RPS attack that Cloudflare encountered during the same month, the previous record-holder for largest HTTPS DDoS attack. (In January, Microsoft defended a record-breaking DDoS attack at 3.47Tbps, but the assault used a “volumetric(Opens in a new window)” method to bombard the network, putting it in a different class of DDoS attack.)  

DDoS attacks are designed to knock an internet site or service offline by bombarding the destination with a flood of web traffic. The June incident against the Google Cloud customer initially began as an assault made up of more than 10,000 requests per second before escalating to 100,000 RPS eight minutes later. 

In response, Google’s anti-DDoS Cloud Armor system immediately detected the attack and generated an alert, which began blocking the sources of the malicious web traffic. “In the two minutes that followed, the attack began to ramp up, growing from 100,000 RPS to a peak of 46 million RPS,” the company said. 

However, the massive surge in traffic failed to disrupt Google Cloud. “Since Cloud Armor was already blocking