An unprecedented DDoS attack of 1 Terabit per second occurred, the attack source was hacked by 155,000 web cameras

ByMike Mozart

Computers distributed over multiple networks simultaneously send a connection request to a specific network or computer, aiming to stop the function by overflowing the communication capacity is called "DDoS attack"is. While the damage caused by the DDoS attacks has increased in recent years, it became clear that DDoS attacks of unprecedented level were done in history.

Record-breaking DDoS reportedly delivered by> 145k hacked cameras | Ars Technica
http://arstechnica.com/security/2016/09/botnet-of-145k-cameras-reportedly-deliver-internets-biggest-ddos-ever/


Week 4 of September 2016, reporting security-related news "Krebs On Security'S server has been down for more than 24 hours. This is a so-called "IoTSomehow hacked a device connected to the network called "BotnetIt was reported that it caused the DDoS attack by using it.

Attacks keep on loading 620 gigabits per second (620 Gbps) load on the server of Krebs On Secure. Akamai, which provides DDoS mitigation services, seems to have proceeded with the investigation to mitigate the attack on Krebs On Security, but reported that this attack is nearly twice as much as DDoS attacks Akamai has ever experienced, It seems that it was of such a scale that I never saw.

Akamai dumps Brian Krebs website over sustained DDoS attack - Business Insider
http://www.businessinsider.com/akamai-brian-krebs-ddos-attack-2016-9


After that, it turned out that a similar attack was also launched to the server owned by OVH which is the provider of French hosting service, but the DDoS attack received by the OVH server was a wonder of 1.1 terabits per second It is known that the attack of the traffic was about 60% higher than the attack on Krebs On Secure.

Octave Klaba, the CTO of OVH's founder and OVH, revealed that the DDoS attack on the server of OVH was made. Klaba has announced the existence of DDoS attack on its own Twitter account as follows. Looking at the image attached by Mr. Klaba to the tweet, two DDoS attacks against the server occurred at the same time, and the first attack was 1.1 Tbps for the total of two attacks, and the second attack was also a phenomenal traffic of 901 Gbps total You can see that it is recording.

Last days, we got lot of huge DDoS. Here, the list of "bigger that 100 Gbps" only. You can see the
Simultaneous DDoS are close to 1 Tbps!Pic.twitter.com/XmlwAU9JZ6

- Octave Klaba / Oles (@ olesovhcom)September 22, 2016

Furthermore, according to Klaba, this DDoS attack is due to a botnet consisting of webcams and digital recorders hacked by someone, and it is of the same type as the above case of Krebs On Security You can see that. The hacked web camera and digital recorder can generate traffic of about 1 Mbps to 30 Mbps for each one, and it is speculated that it is generating traffic of about 1.5 Tbps by performing this with about 140 thousand units doing.

This botnet with 145607 cameras / dvr (1-30 Mbps per IP) is able to send> 1.5 Tbps DDoS. Type: tcp / ack, tcp / ack + psh, tcp / syn.

- Octave Klaba / Oles (@ olesovhcom)September 23, 2016

It seems that attacks by attackers continued even after the first report, according to Klaba, 6800 webcams joined the attacker's botnet in 48 hours. The following tweets were posted after several days from the time of the first attack, but during this time, the OVH server has undergone multiple DDoS attacks from an attacker, and all of those traffic It seems that it was about 100 to 800 Gbps.

+6857 new cameras participated in the DDoS last 48H.

- Octave Klaba / Oles (@ olesovhcom)September 26, 2016

DDoS mitigation experts comment that these numbers are not sure whether they are correct or not. Also, Mr. Klaba of OVH refuses to request interviews from Ars Technica. However, Ars Technica says that Mr. Klaba's Twitter account is worthy of credit and there are many parts that are consistent with Akamai's report, which struggled to mitigate DDoS on attacks against Krebs On Secure.

Akamai's security experts said, "Currently, we have confirmed about 600 botnets, but we need to take countermeasures before these become more general. All botnets are used for attacks It is not necessarily the case, but about a quarter of a large number will be used for attacks. "

So far security experts have pointed out the dangers of IoT products that "terminals connected to the Internet are generating potential threats." Indeed, the presence of large-scale DDoS attacks using webcams has become clear before this case.

The presence of large-scale DDoS attacks made full use of security cameras all over the world revealed - GIGAZINE


In addition, KrebsOnSecurity that received the threat DDoS attack seems to be successfully restored by "Project Shield" which provides "a service to protect news sites from DDoS attacks" using Google's technology.

Google | Project Shield | Free DDoS protection
https://projectshield.withgoogle.com/public/