Distributed denial-of-service (DDoS) attacks do not have to be bandwidth-intensive to be disruptive and hard to mitigate.
Earlier this month, Imperva mitigated an attack against one of its clients that exceeded 500 million packets per second, making it possibly the largest DDoS attack by packet volume ever recorded.
The January 10 attack was a so-called SYN flood, in which an attacker attempts to overwhelm a target computer by sending it TCP connection requests faster than the machine can process them. In this case, the attacker sent both a flood of normal SYN packets and a large SYN flood, involving packets of between 800 and 900 bytes, at the target using a highly randomized and likely spoofed set of source ports and addresses, according to Imperva.
Attackers often combine these attacks so regular SYN packets exhaust server resources like the CPU, while the larger packets saturate the network, the vendor has previously noted.
Imperva’s investigation of the January attack showed it was launched using two previously known tools — one for the flood of regular SYN traffic and the other for the large SYN attack. The tools appear to have been written by two different individuals and then used in a combined fashion to “launch the most intensive DDoS attack against network infrastructure in the history of the Internet,” Imperva said in a report this week.
Read more: Dark Reading