Last month Cloudflare (opens in new tab) was able to automatically detect and mitigate a new type of DDoS (opens in new tab) attack that it has codenamed “Beat” due to the fact that the attack method appears to have been borrowed from the world of acoustics.
The attack's packet rate followed a wave-shaped pattern for over eight hours and it seems as if the attacker was inspired by an acoustics concept called beat. In acoustics, the term beat is used to describe an interference of two different wave frequencies.
According to Cloudflare, the attacker launched a flood of packets where the rate of the packets was determined by the equation of the beat wave (y'beat=y1+y2) with the two equations y1 and y2 representing the two waves.
- We've assembled a list of the best web hosting (opens in new tab)services around
- These are the best shared hosting (opens in new tab) services on the market
- Also check out our roundup of the best dedicated hosting (opens in new tab) providers
Interested users can check out a new blog post (opens in new tab) from the company's product manager of DDoS protection Omer Yoachimik where he breaks down the full formula and how it was used to achieve a packet rate that ranged from 18M to 42M pps.
DDoS to the beat
The cybercriminal behind the attack that targeted a Magic Transit customer may have utilized the method they did in an attempt to overcome Cloudflare's DDoS protection systems.
However, the company's unidirectional TCP state tracking machine flowtrackd was able to detect the attack as a flood of ACK packets that did not belong to any existing TCP connection. Therefore, flowtrackd automatically dropped the attack packets at Cloudflare's edge.
In total, the attacker beat the drum for over 19 hours with an amplitude of 7 Mpps, a wavelength of 4 hours and a peak of 42 Mpps. During the two days in which the attack took place, Cloudflare systems automatically detected and mitigated over 700 DDoS attacks targeting this customer.
Cybercriminals are always looking for novel ways to overcome security measures but this time it appears as if their efforts were in vain. However, Cloudflare is prepared in case other attackers try to follow suit by launching their own beat attacks.
- We've also highlighted the best small business web hosting (opens in new tab)