Just 10 days before the year's end, one of the largest DDoS attacks ever seen, which reached 650 Gbps, was mitigated.
Imperva researchers discovered the attack began on the morning of 21 December and targeted several anycasted IPs on its Incapsula network. The attack was likely the result of the offender not being able to resolve the IP address of his actual victim.
The first DDoS burst lasted about 20 minutes and peaked at 400 Gbps. In the second round, the botnet mustered enough “muscle” to generate a 650 Gbps DDoS flood of over 150 million packets per second (Mpps).
Both attack bursts originated from spoofed IPs, making it impossible to trace the botnet's geo-location or learn anything about the nature of the attacking devices.
The payload characteristics clearly show that neither the Mirai malware nor one of its more recent variants was used for this assault, unlike all the huge DDoS attacks of 2016, which were associated with Mirai.
“It's fitting that this attack would signal the end of the year for us. Mitigating it was an important milestone and a great demonstration of the resilience of our network. However, we look at it as a sign for things to come,” the blog said.