Internet companies report biggest-ever denial of service operation

Internet companies report biggest-ever denial of service operation
Signage at Google’s office building in New York, 20 January 2023. (Photo: EPA-EFE / Justin Lane)

Internet companies Google, Amazon and Cloudflare say they have weathered the internet's largest-known denial of service attack and are sounding the alarm over a new technique they warn could easily cause widespread disruption.

By Raphael Satter

Alphabet Inc-owned Google GOOGL.O said in a blog post published Tuesday that its cloud services had parried an avalanche of rogue traffic more than seven times the size of the previous record-breaking attack thwarted last year.

Internet protection company Cloudflare Inc NET.N said the attack was “three times larger than any previous attack we’ve observed.” Inc’s AMZN.O web services division also confirmed being targeted by “a new type of distributed denial of service (DDoS) event.”

Denial of service is among the web’s most basic form of attack and it works by simply overwhelming targeted servers with a firehose of bogus requests for data, making it impossible for legitimate web traffic to get through.

As the online world has developed, so too has the power of denial of service operations, some of which can generate millions of bogus requests per second. The recent attacks measured by Google, Cloudflare and Amazon – which began in late August and which the tech giants say are ongoing – were capable of generating hundreds of millions of request per second.

Google said in its blog post that only two minutes of one such attack “generated more requests than the total number of article views reported by Wikipedia during the entire month of September 2023.”

All three companies said the supersized attacks were enabled by a weakness in HTTP/2 – a newer version of the HTTP network protocol that underpins the World Wide Web – that makes servers particularly vulnerable to rogue requests.

The firms urged companies to update their web servers to ensure that they do not remain vulnerable.

None of the three companies said who was responsible for the denial of service attacks, which have historically been difficult to attribute.

(Reporting by Raphael SatterEditing by Sandra Maler)


Comments - Please in order to comment.

  • Cornay Bester says:

    BRICS+ has the most to gain from the crime of denying people the right to social media and the Internet.

    • Lifeboy (still affloat) says:

      What? Bricks would probably be the one responsible for maintaining freedom of access on the internet. The US is a cesspool of underhanded censorious bureaucracy and secret services, closely collaborating with the UK, Australia, NZ and Canada to suppress information not suiting their narrative. For all we know it it just another false flag set up to achieve to political change in the internet regulatory sphere.

Please peer review 3 community comments before your comment can be posted

[%% img-description %%]

The Spy Bill: An autocratic roadmap to State Capture 2.0

Join Heidi Swart in conversation with Anton Harber and Marianne Merten as they discuss a concerning push to pass a controversial “Spy Bill” into law by May 2024. Tues 5 Dec at 12pm, live, online and free of charge.

A South African Hero: You

There’s a 99.8% chance that this isn’t for you. Only 0.2% of our readers have responded to this call for action.

Those 0.2% of our readers are our hidden heroes, who are fuelling our work and impacting the lives of every South African in doing so. They’re the people who contribute to keep Daily Maverick free for all, including you.

The equation is quite simple: the more members we have, the more reporting and investigations we can do, and the greater the impact on the country.

Be part of that 0.2%. Be a Maverick. Be a Maverick Insider.

Support Daily Maverick→
Payment options