When Akamai noticed an increase in traffic to a web domain, one could be forgiven for thinking it was business as usual: another day, another distributed denial-of-service (DDoS) attack launched to knock a site offline and disrupt services. The traffic in such attacks is often generated by botnets of enslaved devices, from personal computers to Internet of Things (IoT) products, including routers, smart lighting, and smartphones, that are ordered to visit a website at the same time.
Sudden traffic spikes can overload systems and prevent authorized users from accessing an online resource. One of the largest DDoS attacks ever was recorded last year by GitHub, an attack that reached 1.3 Tbps. In this case, which occurred at the beginning of 2018, the traffic increase hit an Akamai customer's website in Asia, according to a case study published on Wednesday by the cloud service provider.
The initial peak in traffic, over four billion requests, was so large that it came close to crashing logging systems. On average, the site received 875,000 requests per second with traffic of 5.5 Gbps. Such a volume of traffic with no contextual reason for it is a hallmark of a typical DDoS.
However, the unnamed customer was about to get a lesson in how bad code can be just as troublesome as an external cyberattack.
The incident was reported by the Akamai Security Operations Command Center (SOCC), which, with the help of SIRT researchers, investigated traffic flows from a few days before the attack.
"A few days before the peak, 139 IP addresses approached the customer's URL with the exact same 'attacking' capabilities," Akamai says. "This URL has increased from 643 requests to well over four billion in less than a week."
Almost half of the IP addresses were labeled as NAT (Network Address Translation) gateways, and the traffic in question was later determined to have been generated by a Microsoft Windows COM object, WinHttpRequest.
Typical traffic passed to the domain before the incident included both GET and POST requests. However, the "malicious" traffic sent only a stream of POST requests.
"... forged or otherwise altered, strengthening the researchers' confidence in the conclusion that a Windows-centric tool was responsible for this massive flood of requests," says the cloud service provider.
To give the company time to figure out what was going on, the SOCC mitigated most of the weird requests over the next 28 hours. This led to the discovery that the traffic hammering the URL "was the result of a warranty tool that got mixed up," and that no botnet was the problem.
Because of errors in the warranty tool, constant POST requests were sent to the domain automatically and with sufficient frequency to potentially shut down the site. The vendor responsible for the tool quickly made and provided a fix, which solved the problem.
It is important to note that not all bots are bad; many are used for legitimate purposes, such as warranty systems, search engine crawling, archiving, and content summarization.
DDoS attacks are common, but when a flood of traffic is affecting a domain, site operators must also investigate other possible causes of the slow responses and disruptions that traffic spikes can bring. The company has also published a separate report on DDoS attacks in recent years. Below is an overview of the strength of most DDoS attacks recorded between 2017 and 2018; the average DDoS is generally in the range of 1 Gbit/s.
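
The triage described in the case study (one URL, a small fixed set of sources, POST-only traffic, one unchanged client signature) can be approximated over access logs. The Python below is an added example, not Akamai's tooling; the log records, the `/warranty/check` path, the use of the User-Agent header as the client fingerprint and the thresholds are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample records: (source IP, HTTP method, URL path, User-Agent).
# Addresses, path and counts are made up; WINHTTP_UA is the default client
# string of the WinHttpRequest COM object, used here as an assumed fingerprint.
WINHTTP_UA = "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"
BASELINE = (
    [(f"198.51.100.{i}", "GET", "/warranty/check", f"Mozilla/5.0 (browser {i})") for i in range(40)]
    + [(f"198.51.100.{i}", "POST", "/warranty/check", f"Mozilla/5.0 (browser {i})") for i in range(12)]
)
SPIKE = [(f"203.0.113.{i % 5}", "POST", "/warranty/check", WINHTTP_UA) for i in range(5000)]


def profile(records, path):
    """Summarise the traffic to one URL path: volume, sources, method mix, client mix."""
    hits = [r for r in records if r[2] == path]
    if not hits:
        return None
    methods = Counter(r[1] for r in hits)
    agents = Counter(r[3] for r in hits)
    sources = {r[0] for r in hits}
    top_agent, top_count = agents.most_common(1)[0]
    return {
        "requests": len(hits),
        "sources": len(sources),
        "post_share": methods["POST"] / len(hits),
        "top_agent": top_agent,
        "top_agent_share": top_count / len(hits),
        "requests_per_source": len(hits) / len(sources),
    }


def single_tool_suspect(spike, baseline, growth=10, share=0.99):
    """Heuristic (assumed thresholds): volume jumped, the method mix collapsed to
    POST only, and one client string sends nearly all requests from few sources."""
    if spike is None or baseline is None:
        return False
    return (
        spike["requests"] >= growth * baseline["requests"]
        and spike["post_share"] >= share > baseline["post_share"]
        and spike["top_agent_share"] >= share
        and spike["requests_per_source"] >= growth * baseline["requests_per_source"]
    )


if __name__ == "__main__":
    before, during = profile(BASELINE, "/warranty/check"), profile(SPIKE, "/warranty/check")
    print(before, during, single_tool_suspect(during, baseline=before), sep="\n")
```

A match does not prove the traffic is benign; it tells the responder to look for a single misbehaving client or tool before assuming a botnet.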