Published on

The 'largest ever' DDOS attack was reportedly the 'carpet bombing' of a Minecraft server weathering 3.15 billion packets per second from Russia and 17 other countries

A record-breaking DDoS attack, reaching 3.15 billion packets per second, targeted a Minecraft server, allegedly launched from a botnet primarily concentrated in Russia, impacting the server for over an hour.

Cover

DDOS mitigation company Global Secure Layer claims to have fielded the largest DDOS attack in recorded history, in terms of packets per second, which reportedly saw one unfortunate "Minecraft gaming customer" bombarded with a buckling 3.15 billion PPS from a botnet said to be concentrated in Russia, but with traffic sources also spanning 17 other countries. For clarity, this doesn't mean people from these countries were involved, it just means attacks originated from sources in these locations. 

Steven Ferguson and Cameron Tickner of Global Secure Layer shared a breakdown of the thwarted attack, which was caught on August 25. "Our team has cross verified this attack size with tier one providers and internet exchange operators to confirm border packet rate capacity has matched reported device telemetry," the report reads. "When contrasted with historically reported records, this size outpaces these headlines at a factor of 3.2 - 3.5x. This puts this packet rate attack as the largest ever reported to the public." 

Minecraft sleuth Eli, who shared the report on Twitter, noted that the targeted server seems to be Minemen Club, and makes an important point about how DDOS attacks are measured. This wouldn't be the first time internet security experts linked massive botnets to Minecraft servers, but the reported figures are downright meteoric. 

When someone launches a DDOS attack, they're essentially trying to bog down a system by overloading it with pings or requests that it has to process or otherwise respond to. The standout measurement here is basically how many 'pings' were sent in a short time; there have been larger DDOS attacks by total data volume, though this one is still up there, but for peak packet rate it's not even close. 

This attack evidently came in two stages. First, Global Secure Layer believes, the attackers fired an opening volley on August 24 which peaked at 1.7 GPPS and ultimately "had no impact on end users." With the methodology apparently tested, the full "carpet bombing" began the next day, hitting the record 3.15 GPPS. "Carpet bomb attacks aim to flood traffic to all IPs within a subnet on a victim network, with the goal to bypass per destination attack detection," the report explains. 

The full-fat DDOS attack ran for just over an hour, with Russia, Vietnam, and South Korea being the most active countries by botnet packet rate origin. Taiwan was a close fourth, more distantly followed by the likes of Brazil, the United States, and Ukraine. In all, 42,209 sources were found to be "participating in the packet rate campaign." 

"Normally for attacks we observe, the source countries are typically well distributed with no one country being more than 7% of total attack traffic," Global Security Layer says. "In this case, Russia, Vietnam, and Korea comprise 42.8% of the total volume. Traffic from these sources was predominantly scrubbed in Frankfurt and Singapore."

Earlier this year, Final Fantasy 14 was hit with three days of DDoS attacks just weeks from Dawntrail, as Square Enix scrambled to fix the MMO's servers.