Before summer, Google Cloud's client was at the center of the biggest "no service" attack in history. In a recent publication, a web giant explained how the attack was prevented.
76 per cent more requests than the previous record
Wikipedia is one of the top 10 sites in the world. The site receives tens of millions of hits daily, but it lacks servers and capacity to process them. This example was mentioned in a blog on August 19, 2022, which deals with the largest cyber attack ever.
According to the company, one of Google Cloud's clients was attacked by a "no service" type, with a capacity of at least 46 million requests per second. Although this attack was blocked, it was a surprise. Google claims that it was the largest DDoS level 7 attack: 76 percent more than the previous record. To get an idea of the extent of this phenomenon, it is equivalent to receiving all of Wikipedia's daily requests in just ten seconds.
More surprisingly, Google managed to prevent a DDoS attack thanks to a client. The client included adaptive security protection in Cloud Armor, which acts as a firewall. This defense detected an attack at an early stage in her life cycle and analysed incoming traffic before generating a protection warning. This occurred before the attack became even more serious and in a very short period of time.
A function that filters unwanted traffic
The defense method automatically limited the flow of the attack. Thus, a client whose name remains unknown chose to "dross" the attack rather than try to "ban" it. This method limited the impact on legal incoming traffic, while isolating harmful requests. Therefore, the client's server never became inaccessible, while DDoS attacks usually overburdened the target. According to Google, the method was first tested in pre-view mode before it was deployed in practice. The client was able to check access to his server, which was still authorized for legitimate requests but blocked for unwanted traffic. And despite the surge of 46 million requests per second, the client's services continued to work.
Finally, the number of IP addresses was not as large as the number of requests, which apparently facilitated blocking. Google estimates that 6,000 IP addresses from 132 countries were used; however, one third of the requests came from only four countries.