In April 2024, OVHcloud, a French cloud computing firm, mitigated a record-breaking distributed denial-of-service (DDoS) attack that reached 840 million packets per second (Mpps). This surpassed the previous record of 809 Mpps reported by Akamai, which targeted a large European bank in June 2020.
The 840 Mpps attack combined a TCP ACK flood from 5,000 source IPs with a DNS reflection attack leveraging about 15,000 DNS servers to amplify traffic. OVHcloud noted that while the attack was globally distributed, two-thirds of the total packets originated from just four points of presence in the U.S., three of which were on the west coast. This demonstrates the adversary’s ability to send a massive packet rate through limited peerings, posing significant challenges.
OVHcloud has observed a sharp increase in both the frequency and intensity of DDoS attacks since 2023, with attacks exceeding 1 terabit per second (Tbps) becoming commonplace. According to Sebastien Meriot of OVHcloud, the company has witnessed attacks of over 1 Tbps transition from being rare to almost daily occurrences over the past 18 months. The highest observed bit rate was approximately 2.5 Tbps.
Unlike typical DDoS attacks that aim to exhaust bandwidth with junk traffic, packet rate attacks overload the packet processing engines of network devices close to the target, such as load balancers. It is estimated that hijacking just 1% of exposed devices into a DDoS botnet could enable adversaries to launch layer 7 attacks reaching 2.28 billion packets per second (Gpps).
MikroTik routers have been used to build powerful botnets like Mēris, which facilitate botnet-as-a-service operations. Depending on the number and capabilities of compromised devices, Meriot suggests this could herald a new era for packet rate attacks, potentially issuing billions of packets per second and challenging the scalability of current anti-DDoS infrastructures.
