Google Blocked a DDoS Attack with a Capacity of 46 million Requests per Second

In June 2022, an unnamed Google Cloud Armor client suffered a DDoS attack over HTTPS that reached a bandwidth of 46 million RPS (requests per second). To date, this is the largest DDoS attack of this type in history.

Let me remind you that the previous record in this area was recorded at the beginning of summer by Cloudflare specialists. At that time, an incident with a capacity of 26 million RPS was reported, behind which was a small but very dangerous Mantis botnet, consisting of only 5,000 devices.

As Google experts now report, on the morning of June 1 of this year, an attack began, initially targeting the HTTP / S load balancer of one of the clients, and at first its power was only 10,000 RPS.

Just eight minutes later, this attack increased to 100,000 RPS, triggering Google Cloud Armor Protection. Two minutes later, the attack peaked at 46 million requests per second. In total, the DDoS lasted 69 minutes.

To describe the scale of the incident, Google engineers write that this attack was equivale to getting all the daily Wikipedia requests in just 10 seconds.

Researchers believe that the Mēris botnet, already known from other high-profile incidents, was behind this attack.