The Porcupine Attack: investigating millions of junk requests

What's this blog post about?

The post describes an unusual pattern that Marek Majkowski and his team observed while monitoring their network on Grafana dashboards: multiple spikes in the number of HTTP requests per second handled by their systems globally, reaching up to 1M requests per second. The spikes came from IP addresses all around the world, with a bias towards South America and North Africa. The traffic volume was enormous, but the payloads sent to the HTTP servers appeared to be random binary junk rather than the requests seen in typical HTTP attacks. The bots responsible seemed to rotate IP addresses aggressively, resulting in 1.2M unique IP addresses across the 16 spikes that occurred over 24 hours. The exact cause of the spikes remains uncertain; possibilities include an attack intended to break their HTTP servers, or legitimate connection attempts by some weird, obfuscated protocol.

Company
Cloudflare

Date published
Jan. 9, 2017

Author(s)
Marek Majkowski

Word count
1544

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.