Cloudflare announced that it had automatically blocked a distributed denial-of-service (DDoS) attack of up to 7.3 Tbps, a record for the largest scale in history. It was about 12% larger than the 6.5 Tbps attack announced in the first quarter of this year.
The attack lasted only 45 seconds and delivered a total of 37.4 TB of traffic, equivalent to playing more than 7000 hours of high-definition video in less than a minute. It is an extreme challenge in the history of network defense.
The attack targeted a hosting service provider that is a Cloudflare Magic Transit customer, and was aimed at a single IP address. On average, it hit more than 21000 destination ports per second, and at its peak it reached more than 34000 ports simultaneously.
According to data released by Cloudflare, the attack originated from more than 122000 source IP addresses worldwide, spanning 161 countries and more than 5400 autonomous systems, with more than XNUMX% of the traffic coming from Brazil and Vietnam.
In terms of attack vectors, the majority of the traffic consisted of UDP (User Datagram Protocol) floods, with a small share of reflection and amplification attacks, including vectors such as QOTD, Echo, NTP, Mirai, Portmap, and RIPv1. Most of these protocols are outdated or unverified, and if not properly disabled or restricted, they can easily become springboards for amplification attacks.
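To check whether your own hosts expose the legacy UDP services named above, the following added example (not from Cloudflare or the original article) parses `ss -H -uln` output and flags listeners on the well-known ports of Echo, QOTD, Portmap, NTP and RIPv1. The port mapping, function names and sample output are supplied here as assumptions; Mirai is a botnet rather than a service, so it has no port to check.

```python
import ipaddress

# UDP services named in the article, keyed by their IANA well-known ports
# (mapping added for this example, not taken from the article).
REFLECTION_PRONE_UDP = {7: "Echo", 17: "QOTD", 111: "Portmap", 123: "NTP", 520: "RIPv1"}

# Constructed sample of `ss -H -uln` output (not from a real host).
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:123 0.0.0.0:*
UNCONN 0 0 127.0.0.1:323 0.0.0.0:*
UNCONN 0 0 [::]:111 [::]:*
UNCONN 0 0 127.0.0.1:17 0.0.0.0:*
UNCONN 0 0 *:520 *:*
UNCONN 0 0 192.0.2.10%eth0:53 0.0.0.0:*
"""


def is_loopback(host):
    """True only when the bind address is provably loopback."""
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface
    if host == "*":
        return False  # wildcard bind: reachable on every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: assume it is reachable


def audit_udp_listeners(ss_output):
    """Return one finding per listener on a reflection-prone UDP port."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # not a socket line
        host, _, port = fields[3].rpartition(":")  # local address:port
        if not port.isdigit() or int(port) not in REFLECTION_PRONE_UDP:
            continue
        findings.append({"service": REFLECTION_PRONE_UDP[int(port)],
                         "port": int(port), "bind": host,
                         "reachable": not is_loopback(host)})
    return findings


if __name__ == "__main__":
    for f in audit_udp_listeners(SAMPLE_SS_OUTPUT):
        action = "disable or filter" if f["reachable"] else "loopback only"
        print(f"{f['service']:8} udp/{f['port']:<4} bound to {f['bind']:10} {action}")
```

A listener marked reachable still needs a firewall or service-level check to confirm it answers off-host queries; the bind address alone only tells you it could.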
Notably, Cloudflare does not rely on manual operations, but instead relies entirely on its distributed automated defense system for detection and mitigation. The company utilizes a global Anycast architecture, distributing attack traffic across its 477 data centers. Using eBPF technology built into the Linux kernel and its proprietary dosd detection module, Cloudflare performs real-time packet analysis, generating efficient attack signature fingerprints. Blocking rules are then automatically deployed and removed after the attack is resolved, ensuring no disruption to normal traffic.
Cloudflare stated that this incident not only demonstrated the timeliness and accuracy of its DDoS protection system, but also highlighted the growing threats facing global network infrastructure. In response, Cloudflare continues to offer free Botnet Threat Intelligence subscriptions to help ISPs and cloud service providers worldwide proactively detect and mitigate attack sources.
Faced with the escalating frequency and scale of attacks, Cloudflare emphasized its continued commitment to its vision of "protecting the entire internet." Through technology-driven automated defense mechanisms, it aims to let businesses and users no longer worry about frequent DDoS attacks, providing a critical line of defense for building a more secure digital foundation.







