Anti-DDoS outfit walloped by record packet flood • The Register

A DDoS mitigation provider was given a taste of the poison it tries to prevent, after being smacked by one of the largest packet-rate attacks ever recorded – a 1.5 billion packets per second (1.5 Gpps) flood that briefly threatened to knock it off the internet.
FastNetMon, the network monitoring outfit brought in to fight the attack, said the UDP flood was launched from thousands of compromised routers and IoT devices spread across more than 11,000 networks worldwide.
The attack targeted a DDoS scrubbing vendor in Western Europe whose job is to keep other people’s services online during incidents just like this.
FastNetMon spokesperson Outi Maria Pietilänaho declined to name the targeted vendor. However, she told The Register that FastNetMon had observed another incident of almost exactly the same scale (1.49 Gpps), targeting another DDoS scrubbing provider in Eastern Europe.
She said this “strongly suggests activity from the same botnet.”
“The second attacked entity received an extortion email connected to the attack via their website contact form,” she said. Pietilänaho also confirmed the compromised routers were MikroTik-branded.
London-based FastNetMon, which brags that its DDoS detection and mitigation software can run on a network of any scale, said it leaned on its automated detection systems, enabling the targeted customer to detect the flood within seconds.
The quick reaction reportedly prevented a total collapse, but the company said that the scale of the packet storm makes this one of the most significant events of its kind.
Unlike record-breaking bandwidth floods that grab headlines for their terabit-per-second numbers, this one was all about raw packet rate, a metric that can cripple mitigation systems by sheer processing overhead long before bandwidth saturation occurs.
“Our platform reacted in real-time and blocked this attack in seconds, saving the target from a major outage,” said FastNetMon founder Pavel Odintsov, who added that ISPs need to get serious about filtering attack traffic closer to the source if they don’t want their customers’ routers becoming free artillery for botnet operators.
The attack comes just days after Cloudflare said it had mitigated an 11.5 Tbps DDoS attack, showing that adversaries are probing the limits of both bandwidth and packet processing capacity. ®