- Imperva mitigated a single attack with over 25.3 billion requests, which is a new record for the company’s solution.
- The attack took place on 27 June and lasted more than four hours and peaked at 3.9 million RPS.
- The attackers used HTTP/2 multiplexing or combining multiple packets into one, to send multiple requests at once.
Imperva announced that the company’s DDoS mitigation solution mitigated a single attack with more than 25.3 billion requests on June 27. The attack lasted for more than four hours and peaked at 3.9 million RPS. The attack targets a Chinese telecommunications company, which is frequently targeted by large attacks. The site was targeted two days later but the attack was shorter in duration.
Peaked at 3.9 million RPS
The attack rates reached a total of 25.3 billion requests over four hours on the morning of June 27. The average rate of the attack was 1.8 million RPS. The attackers used HTTP/2 multiplexing or combining multiple packets into one, to send multiple requests at once over individual connections. Imperva estimates that the attack could have reached a much greater rate than the tracked peak of 3.9 million RPS.
For the attack, the attackers used a large botnet of approximately 170,000 different IP addresses, including routers, security cameras, and compromised servers. The botnet includes compromised devices from over 180 countries. Most of these devices are based in the US, Indonesia, and Brazil.