CloudFlare has turned up an unusual form of denial-of-service attack: mobile advertisements that are pumping out around 275,000 HTTP requests per second.
The cloud outfit didn’t name the victim, but said the Layer 7 HTTP floods hitting the target is the latest example of a once-theoretical attack turning up in the real world.
“Browser-based L7 floods have been rumored as a theoretical threat for a long time,” Majkowski says.
“Since an efficient distribution vector is crucial in issuing large floods, up until now I haven’t seen many sizable browser-based floods.”
CloudFlare copped 4.5 billion requests in a day of attacks against a customer domain, originating from around 650 thousand unique IPs addresses.
Virtually all traffic came from mobile devices in China.
view the full story here