Web performance and information security company CloudFlare recently discovered an attack that it believes leveraged mobile ad networks to launch a large-scale distributed denial-of service (DDoS) attack.
Last week, the security company issued a post in which it explains that it detected a large number of HTTP requests being directed at one of its customers. These requests appeared to have been issued by a real browser, as the headers looked legitimate. Additionally, a
POST within the request contained an
Origin header issued by an Ajax (XHR) cross origin call, and the
Referer pointed to a reachable URL.
Further investigation revealed that the attack peaked at 250,000 HTTP requests per second. In total, some 4.5 billion requests were sent from 650,000 unique IP addresses; CloudFlare noted that 99.8% of this traffic originated from China.
“Attacks like this form a new trend,” Cloudflare researchers stated. “They present a great danger in the internet — defending against this type of flood is not easy for small website operators. The good news is CloudFlare handles these attacks easily and automatically without the flood of HTTP requests ever hitting our customers’ infrastructure. While it’s still early days of our research, we hope publicizing the details will help to advance public knowledge and, hopefully, help others affected.”