Company Specializing in DDoS Protection Hit by an Attack Reaching 1.5 Billion Packets Per Second
A European company specializing in DDoS protection has itself become the target of an unprecedented attack, which peaked at 1.5 billion packets per second (PPS). According to FastNetMon, which assisted in mitigating the incident, the attack originated from thousands of compromised IoT devices and MikroTik routers.
One of the Largest Packet Floods Recorded
“The attack reached a power of 1.5 billion packets per second—this is one of the largest packet floods ever reported publicly,” FastNetMon said. The malicious traffic primarily consisted of a UDP flood, launched from compromised customer premises equipment distributed across 11,000 unique networks worldwide.
The name of the affected company was not disclosed, though FastNetMon confirmed it provides DDoS filtration services, which typically rely on techniques such as packet inspection, rate limiting, CAPTCHA, and anomaly detection.
Mitigation Efforts
To counter the flood, the targeted company deployed its own filtering measures. These included the use of Access Control Lists (ACLs) on border routers capable of handling high packet-processing loads.
Pavel Odintsov, founder of FastNetMon, warned that the trend of increasingly large-scale DDoS attacks is becoming “extremely dangerous.” He stressed that action at the ISP level is required to curb the abuse of consumer devices.
“This case is notable for the huge number of distributed sources and the abuse of common network devices. Without proactive filtering at the provider level, compromised consumer equipment can be turned into a weapon on a mass scale. The industry must act to implement detection logic at the ISP level to stop outbound attacks before they gain scale,” Odintsov said.
Another Near-Identical Attack
FastNetMon also told The Register that a separate incident—measuring 1.49 billion PPS—was recently recorded against another DDoS filtration provider in Eastern Europe. Researchers believe both incidents were carried out by the same botnet.
In the second case, attackers escalated further, sending the targeted organization an extortion email following the assault.
