The largest DDoS attack ever has just been blocked – here’s how it’s done
Cloudflare recently claims to have thwarted the largest Distributed Denial of Service (DDoS) attack in history.
At a company blog postCloudflare outlined how an unnamed threat actor targeted multiple customers in the financial services, internet and telecommunications industries, among others, in September 2024.
Without naming specific targets, Cloudflare said the attack campaign targeted bandwidth saturation, as well as resource depletion of in-line applications and devices.
Bots all over the world
The attack included “more than a hundred hypervolumetric L3/4 DDoS attacks,” many of which exceeded 2 billion packets per second (Bpps) and 3 terabits per second (Tbps).
A hypervolumetric L3/4 DDoS attack is a type of DDoS attack targeting layers 3 (network) and 4 (transport) of the OSI model (framework that standardizes network communications). It overwhelms the target’s bandwidth or network infrastructure with massive amounts of traffic, often using techniques such as UDP floods or TCP SYN floods. The goal is to deplete the target system’s resources, making it unavailable to legitimate users.
Of all the attacks, one stood out: with a peak of 3.8 Tbps. According to Cloudflare, this is “the largest ever made public by any organization.” It primarily used UDP on a fixed port, the company said, and originated from all over the world. The majority of the endpoints used in the attack came from Vietnam, Russia, Brazil, Spain and the US.
Detection and mitigation were all automatic, Cloudflare says. It added that the main reason it was able to address this issue was because the company has servers located all over the world, which essentially blunts incoming botnet traffic.
Generally, DDoS attacks are carried out via botnets: huge networks of compromised endpoints such as routers, smart home devices and the like. These attacks include traffic from MikroTik devices, DVRs and web servers, as well as compromised ASUS home routers, which were likely exploited using a CVE 9.8 (critical) vulnerability recently discovered by Censys.
Before this attack, the largest DDoS attack ever observed was 3.47 Tbps strong, and it was weakened by Microsoft in November 2021.
Via PCMag