Mēris botnet, climbing to the record

  • SOCKS4 proxy on the affected device (unconfirmed, although MikroTik devices use SOCKS4)
  • Use of the HTTP pipelining (HTTP/1.1) technique for DDoS attacks (confirmed)
  • Making the DDoS attacks themselves RPS-based (confirmed)
  • Open port 5678 (confirmed)
  • 2021-08-07: 5.2 M rps
  • 2021-08-09: 6.5 M rps
  • 2021-08-29: 9.6 M rps
  • 2021-08-31: 10.9 M rps
  • 2021-09-05: 21.8 M rps

Qrator Labs

DDoS Attacks Mitigation and Continuous Availability