Largest ever DDoS attacks carried out on Hong kong’s Democracy MomentsDNS AttackLargest ever in historyResponse

DNS Attack

What is striking about these attacks is the way they are being carried out. The attack involves bombarding DNS servers. A DNS server is responsible for taking a request from a user fro a website, resolving it and forwarding the request onto the website. What has happened in this attack is, the attacker/attackers have been bombarding the DNS servers with multiple request for these specific sites, which is ensuring that the DNS server resolves every request. “We’re seeing over 250 million DNS requests per second, which is probably on par with the total DNS requests for the entire Internet in a normal second,” said Prince.

Largest ever in history

The distributed denial of service (DDoS) attacks have been carried out against independent news site Apple Daily and PopVote, which organised mock chief executive elections for Hong Kong. Now the content delivery network Cloudflare, which protects Apple Daily and PopVote, says the DDoS attacks have been unprecedented in scale, pounding the sites with junk traffic at a remarkable 500 gigabits per second. It’s been “many times larger” than the Spamhaus cyber attacks last year that were credited with slowing down Internet speeds across the globe, and which saw 300 Gbps of attack traffic. The record since then had been a 400 Gbps DDoS attack in Europe, reported in February. “[It’s] larger than any attack we’ve ever seen, and we’ve seen some of the biggest attacks the Internet has seen,” said Cloudflare CEO Matthew Prince in a telephone interview. Cloudflare provides DDoS protection service for Apple Daily and PopVote, the Hong Kong site which held an unofficial civil referendum on extending suffrage rights to Hong Kong.

Response

Though 500 Gbps is a very huge number, it has forced some ISPs like Virgin Media in the UK, to bow down to the attacker’s wishes. Virgin Media has on its own, blocked access to these sites to avoid the extra pressure on its servers. Just to put things in perspective, the amount of requests coming onto the system is the same amount of requests made across the entire internet at any point of time. The worrying trend about such attacks, feels Prince, is that it can act as an inhibitor for the internet to be the unbaised medium it has always been. It might force websites to rely on firewalls and other protective mechanisms themselves. “The thing that’s great about the Internet is you can be a protestor in Hong Kong and tell your story in New York or London,” says Prince. “There’s no technical solution that Cloudflare can create to solve this problem unless we re-architect the Internet.”