👋🏻 Hello everyone. In this article, we will tell you about how Yandex repelled the largest DDoS attack in history.
🏆 20 million RPS (request per second). This record was recently set by a new botnet called Mēris (translated from Latvian as “plague”).
❓ What are the features of the new botnet?
🔹 Using pipelining in HTTP / 1.1 to organize DDoS attacks (confirmed)
🔹 Attacks are focused on the exploitation of RPS (confirmed)
🔹 Open port 5678/TCP (confirmed)
🔹 SOCKS4-proxy on the infected device (not confirmed, although we know that Mikrotik devices use SOCKS4)
📢 According to the company’s report, the botnet continues to grow further, while not only Yandex, but also many other companies are exposed to the threat of such a DDoS attack.
📌 Over the past two weeks, the attacks, in addition to Russia, have also targeted the United States and New Zealand. Cloudflare recently reported that they managed to repel an attack of 17 million RPS.
📌 One of the important “features” of this botnet is also that such a number of requests can disable even the equipment that is specially sharpened to reflect high-intensity DDoS attacks.
🔗 Reverse L2TP tunnels are used for interaction within the network, and the number of infected devices reaches 250,000.
🖥 It is also important that IP addresses are not substituted in these cyber attacks, so they can be easily repelled by a banal blacklist for a short time.
⚙️ Therefore, we can say that this attack tries to take the number of attackers, and not their quality, which will lead to the fact that the botnet will most likely cease to be a problem quite quickly, since it uses the old vulnerabilities of some routers, such as Mikrotik.
💬 According to the Yandex report, they have already sent all the necessary information to the manufacturers, and this DDoS attack did not become a big problem for them.
❓ What conclusion can be drawn from this?
✅ Despite the seemingly huge resources of the Mēris botnet, which is able to send more than 200 RPS, its emphasis on quantity could not lead to significant success. This once again confirms that the disBalancer team, focusing on the quality of its cyberarmy, provides truly effective services.