Alibaba Cloud Security defends against the world's largest DDoS attack (0.5 billion requests, 0.95 million qps https cc attacks)

Report Disclosure: on June 14, last November, the Alibaba Cloud Security team successfully defended against ultra-large-scale HTTPS/ssl cc traffic attacks initiated by hackers against an Internet finance user on the Alibaba Cloud platform, this attack is also the world's largest https ssl/CC attack.

As the largest public cloud computing service provider in China, a large number of websites choose Alibaba Cloud security protection, so they have defended domestic customers against major attacks on the Internet.

The attacker began to launch attacks against the website at fourteen o'clock P.M. on January 1, November 5, with two peaks at and around on the evening respectively. The total number of attacks reached 0.5 billion.

 

Attack request QPS changes

Through log data analysis, the attack features are as follows:
(1) attack focuses on the home page;
(2) during the attack, in order to be close to the real host, the attacker forged UA and Referer fields and cookies;

The target website of this attack is HTTPS, and its resource performance consumption is much higher than that of HTTP. The attacker hopes to break down the website performance bottleneck through resource-consuming attacks such as CC, thus paralyzing website services. At present, such a huge peak of 0.95 million QPS of HTTPS/ssl cc attacks, has far surpassed the performance bottleneck of most domestic protection vendors.

In the end, the Alibaba Cloud security anti-DDoS system successfully defended against hacker attacks, stored a large amount of effective attack evidence, and provided materials for users to trace the source after the event. Alibaba Cloud's security team predicted that as more and more websites are pursuing data security using HTTPS protocol for traffic transmission, the possibility of websites suffering from https cc attacks will rise. As the processing of HTTPS protocol consumes more resources than HTTP, whether it is a website operator or a security service provider in the face of https cc resource consumption attacks, the protection capability will face a huge challenge.

As a matter of fact, after 2016, DDoS attacks, including https cc attacks, emerged one after another. In September February, foreign hacker organizations launched a high-volume DDoS attack on XBOX, one of the world's largest online gaming platforms, which had a business impact for up to 24 hours. In early March, domestic game manufacturers were also under heavy DDoS attacks. It seems that 2016 is destined to be an extraordinary year.

 

After 24 hours of confrontation, the XBOX team announced that the business was back to normal.

However, all this is just an extraordinary continuation of the past 2015-2015 was a year when DDoS attacks were very active. According to the Alibaba Cloud security team's "Alibaba Cloud Security Internet DDoS Status and Trends report for the second half of 2015", nearly 2015 DDoS attacks were detected in 0.2 million. Compared with the number of DDoS attacks in the last six months, the trend in the second half of the year is significantly higher than that in the first half of the year (+ 32% ).
 

In the industries affected by DDoS attacks, the gaming industry suffers the most severe threats, accounting for nearly half of the affected industries. The gaming industry has become the hardest hit by DDoS attacks.
 

Wu Hanqing, Alibaba Cloud security product (http://click.aliyun.com/m/4232/) director, said, "We predict that the entire Internet may have traffic between 800Gbps-1TGbps attacks in 2016. DdoS attacks against the background of commercial competition or extortion are still facing severe challenges. Gaming is still the industry with high DDoS events. DDoS attacks from the application layer of mobile terminal apps will rapidly rise ."

Alibaba Cloud Security has released the Internet DDoS status and Trend Report since September 3, 2015. According to the yundun owner, the yundun Anti-DDoS service provides Tb-level defense bandwidth and attack detection capabilities, the PB-level daily data processing and trillion-level session analysis capabilities brought by Alibaba Cloud's big data analysis system. Currently, Alibaba Cloud Security has deployed dozens of cleaning clusters nationwide to protect 30% of Chinese websites.

Download the Alibaba Cloud Security Internet DDoS Status and Trends report for the second half of 2015. Visit:
Http://yundunddos-help.oss-cn-hangzhou.aliyuncs.com/%E4%BA%91%E7%9B%BE%E4%BA%92%E8%81%94%E7%BD%91DDoS%E7%8A%B6%E6%80%81%E5%92%8C%E8%B6%8B%E5%8A%BF%E6%8A%A5%E5%91%8A-2015H2-Final%20Version.pdf