Cloudflare Blocked the Biggest DDoS Attack Ever

Cloudflare has defended the internet from what it describes as the largest-ever DDoS attack, blocking a staggering 7.3 terabits per second (Tbps) assault in mid‑May, the company revealed.

The record‑breaking attack, which peaked 12% higher than the previous Cloudflare record and surpassed a recent 6.3 Tbps incident, targeted one of its hosting‑provider clients using Magic Transit.

"The attack targeted a Cloudflare customer, a hosting provider, that uses Magic Transit to defend their IP network. Hosting providers and critical Internet infrastructure have increasingly become targets of DDoS attacks," Cloudflare said in the blog post.

Over just 45 seconds, the attack delivered a torrent of 37.4 terabytes of data, equivalent to streaming thousands of hours of HD video or downloading millions of songs in under a minute.

"If it were music, you’d be downloading about 9.35 million songs in under a minute, enough to keep a listener busy for 57 years straight. Think of snapping 12.5 million high-resolution photos on your smartphone and never running out of storage—even if you took one shot every day, you’d be clicking away for 4,000 years — but in 45 seconds," the company added.

The flood included more than 21,000 destination ports per second, and was a multivector assault: primarily UDP floods (≈99.996%) with the remainder using QOTD, Echo, NTP, Mirai, Portmap, and RIPv1 reflection/amplification techniques.

Originating from over 122,000 IP addresses across 5,400+ autonomous systems worldwide, nearly half of the malicious traffic came from Brazil and Vietnam.

Cloudflare mitigated the threat using global anycast routing, spreading the load across its network and neutralizing packets before they reached the intended target.

Recently, Cloudflare has announced the general availability of Cloudflare Log Explorer, to help give businesses instant access to critical security and performance insights across their IT environments.

Now, customers can analyse, investigate, and monitor for security attacks with log line level insights across their entire business–natively within the Cloudflare Dashboard–eliminating the need to forward logs to third party security analysis tools, saving security teams time and reducing overall cost.