Security

Cloudflare Boots Aisuru Botnet and Suddenly Gets Hammered Offline

Leave a comment

Cloudflare has gone offline for a couple hours today after reporting a huge traffic spike.

Source: Cloudflarestatus.com

Yesterday, the big news was that Microsoft revealed a nearly 16 terabit/second attack from the Aisuru (Mirai-based) botnet flooding a single target in Australia with UDP packets from over a half-million systems.

Azure was hit by the “largest-ever” cloud-based distributed denial of service (DDoS) attack, originating from the Aisuru botnet and measuring 15.72 terabits per second (Tbps), according to Microsoft. On October 24, the Windows giant’s cloud DDoS protection service auto-detected and mitigated the traffic tsunami – nearly 3.64 billion packets per second – so no customer workloads experienced any service interruptions, Microsoft’s Sean Whalen said in a Monday blog.

This was a notable event because, going back to the start of the month, Cloudflare said they gave Aisuru the boot.

For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare’s public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru’s overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company’s domain name system (DNS) service.

Cloudflare has now clarified that the root cause of today’s massive outage was…

Many of Cloudflare’s services experienced a significant outage today beginning around 11:20 UTC. It was fully resolved at 14:30 UTC. The root cause of the outage was a configuration file that is automatically generated to manage threat traffic. The file grew beyond an expected size of entries and triggered a crash in the software system that handles traffic for a number of Cloudflare’s services. To be clear, there is no evidence that this was the result of an attack or caused by malicious activity.

Cloudflare internal chat contemplates root cause. Source: Cloudflare

So, a threat traffic management file grew so big that it crashed the network, not because of any threat.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.