Within less than 30 seconds, it had launched more than 212 million HTTPS requests from more than 1,500 networks across 121 countries. The attack targeted a Cloudflare customer using the company’s free plan.
Perhaps the most impressive aspect of the attack was the small size of the botnet – just 5,067 devices. According to Cloudflare, each node was generating around 5,200 requests per second at its peak. Another botnet they have been tracking consists of more than 730,000 devices but wasn’t able to generate more than a million requests per second. Comparing the two, the smaller botnet was on average about 4,000 times stronger. The attack was also somewhat unique in that it occurred over HTTPS. Such attacks require more computational resources to pull off and therefore cost the attacker more to conduct. They are also more expensive for the victim to mitigate. Back in April, Cloudflare mitigated a 15M rps attack in just under 20 seconds flat. In August 2021, the company successfully thwarted a 17.2M rps attack. Image credit: Soumil Kumar