Security researcher Brian Krebs of KrebsOnSecurity reported today that his site was hit with a walloping 665 Gbps DDoS attack. The attack included SYN, ACK, GET, POST, and GRE floods and peaked at 153 Mpps (million packets per second). Krebs’ site remained mostly online, the attack mitigated by Akami’s DDoS protection service, at least for a while. Hours after his Tweet, the site was unreachable.
According to Krebs, the attack was likely conducted via a IoT device (ISP devices, routers, webcams, etc.) botnet. Akamai says the attack was twice the size of the largest attack they had seen to date and is believed to be the largest DDoS attack ever conducted.
It’s worth noting that just last week, Krebs reported on BackConnect Inc, a company that defends victims against large-scale DDoS attacks. In his report, he detailed how BackConnect hijacked hundreds of Internet addresses in order to obtain details on attackers who were targeting BackConnect. He also reported last week on the inner workings of vDOS, a DDoS-for-hire (booter) service. Within hours of his report, the two alleged owners of vDOS were arrested.