Google said that it mitigated the largest DDoS attack ever in August, peaking at 398 million requests per second, or more than the total number of article views Wikipedia reported in a month.
The attack was 7.5 times larger at its two-minute peak than the previous record, which Google blocked last year at a peak of 46 million requests per second, the search giant said in a blog post.
It said that the new attack used a novel HTTP/2 “Rapid Reset” technique to disrupt websites and internet services.
Google said the new technique was based on stream multiplexing and has affected “multiple” internet infrastructure companies.
“The most recent wave of attacks started in late August and continue to this day, targeting major infrastructure providers including Google services, Google Cloud infrastructure, and our customers,” it said.
The company said its global load-balancing and DDoS mitigation infrastructure “helped keep our services running.”
“In order to protect Google, our customers, and the rest of the internet, we helped lead a coordinated effort with industry partners to understand the attack mechanics and collaborate on mitigations that can be deployed in response to these attacks,” it said.
Any enterprise or individual serving an HTTP-based workload to the internet may be at risk from this attack, Google said, and should verify that any servers supporting HTTP/2 protocol are not vulnerable or apply vendor patches.
DDoS, or distributed denial-of-service, attacks attempt to disrupt websites and online services to exhaust their ability to process incoming requests, potentially causing widespread damage.
Your email address will not be published. Required fields are markedmarked