Google’s cloud division on Thursday disclosed it mitigated a series of HTTPS distributed denial-of-service (DDoS) attacks which peaked at 46 million requests per second (RPS), making it the largest such DDoS offensive recorded to date.
The attack, which occurred on June 1, 2022, targeting an unnamed Google Cloud Armor customer, is 76% larger than the 26 million RPS DDoS attack repealed by Cloudflare earlier this year, surpassing a then-record attack of 17.2 million RPS.
“To give a sense of the scale of the attack, that is like receiving all the daily requests to Wikipedia (one of the top 10 trafficked websites in the world) in just 10 seconds,” Google Cloud’s Emil Kiner and Satya Konduru said.
It’s said to have started around 9:45 a.m. PT with 10,000 RPS, before growing to 100,000 RPS eight minutes later and further ramping up within two minutes to hit a high of 46 million RPS at 10:18 a.m. PT. In all, the DDoS assault lasted for a total of 69 minutes.
Google said that the unexpectedly high volume of traffic originated from 5,256 IP addresses located in 132 countries, with Brazil, India, Russia, and Indonesia alone accounting for 31% of all the attack requests.
22% of the IP addresses (1,169) corresponded to TOR exit nodes, but were responsible for just 3% of the attack traffic.