Brand New Mirai Botnet Reveals 54 Hours Long DDoS Attack


The average traffic flow that came in is at over 30,000 RPS, and it peaked at around 37,000 RPS

After high-profile DDoS attacks took down swathes of the internet by hitting Dyn's DNS services, Mirai is apparently still going strong. You will remember it as one of the highlights of 2016: Mirai is botnet malware that runs on Internet of Things devices. The trojan’s source code was leaked online at the end of last year, leading to more variants of it.

Researchers are now reporting that one Mirai variant has been targeting the network of a United States college, and the distributed denial of service (DDoS) attack went on for 54 hours straight!

Mirai variant DDoS Attack targets a United States college

Imperva researchers revealed that the new Mirai threat was used to launch a DDoS (distributed denial of service) attack against an unnamed US college, which is an Imperva client, and that the assault went on for around 54 hours. Isn’t that a long time?

“The average traffic flow that came in is at over 30,000 RPS, and it peaked at around 37,000 RPS. It is the most we have seen out of any Mirai botnet. Entirely, the attack generated over 2.8 billion requests,” the group reported. Imperva’s Dima Bekerman said the research team believes the attack emerged from a Mirai-powered botnet based on several factors, “and the elements include header order, header values, and traffic sources.”

Bekerman also added, “Our client classification system immediately identified that the attack emerged from a Mirai-powered botnet.” As for which devices launched the attack, the weapons appear to have remained the same, from DVRs to CCTV cameras.

Our research showed that the pool of attacking devices included those commonly used by Mirai, including CCTV cameras, DVRs, and routers. While we don’t know for sure, the open telnet (23) and TR-069 (7547) ports on all these devices might indicate that they were exploited (you could also say used) through the known vulnerabilities.

Bekerman also said that the team saw attack traffic originating from 9,793 IPs worldwide, with over 18.4% of the traffic coming from the United States and 11.3% from Israel, followed by India, Taiwan, Russia, Turkey, Italy, Mexico, Colombia, and Bulgaria, among several other countries. “Based on our experience, we expect to see several more bursts before the offender(s) finally give up on their efforts,” Bekerman warned.
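The signals named in this report (request rate, header order, header values, and the number of traffic sources) can be pulled out of ordinary request logs. The following Python is an added example, not Imperva's classification system or code from the original report; the header orders, User-Agent strings, IP addresses, and the `min_ips` threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed header orders and values, not real Mirai signatures.
BOT_HEADERS = ["Host", "User-Agent", "Accept", "Connection"]
BROWSER_HEADERS = ["Host", "Connection", "Accept", "User-Agent", "Accept-Encoding"]

def build_sample():
    """Constructed log: (unix_second, source_ip, header names in order, User-Agent)."""
    reqs = []
    for sec in (100, 101, 102):          # four sources, two requests per second each
        for n in range(1, 5):
            reqs += [(sec, f"203.0.113.{n}", BOT_HEADERS, "ua-constructed-bot")] * 2
    reqs.append((100, "192.0.2.10", BROWSER_HEADERS, "ua-constructed-browser"))
    reqs.append((103, "192.0.2.11", BROWSER_HEADERS, "ua-constructed-browser"))
    return reqs

def fingerprint(header_names, user_agent):
    """Order-sensitive fingerprint: header name sequence plus one header value."""
    return (tuple(h.lower() for h in header_names), user_agent)

def summarize(requests, min_ips=3):
    """Rate statistics plus fingerprints shared by at least min_ips distinct sources."""
    per_second = Counter(ts for ts, _, _, _ in requests)
    ips_by_fp = defaultdict(set)
    for _, ip, headers, ua in requests:
        ips_by_fp[fingerprint(headers, ua)].add(ip)
    # Seconds with no requests still count toward the observation window.
    span = max(per_second) - min(per_second) + 1
    return {
        "avg_rps": len(requests) / span,
        "peak_rps": max(per_second.values()),
        "sources": len({ip for _, ip, _, _ in requests}),
        # Many unrelated IPs sending byte-identical header layouts suggests one tool.
        "shared_fingerprints": {fp: ips for fp, ips in ips_by_fp.items()
                                if len(ips) >= min_ips},
    }

if __name__ == "__main__":
    report = summarize(build_sample())
    print(report["avg_rps"], report["peak_rps"], report["sources"])
    for (order, ua), ips in report["shared_fingerprints"].items():
        print(len(ips), "sources share", order, ua)
```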

Source: Incapsula

Ujjwal Sahay