On Friday network provider Cloudflare shared how it mitigated a record-breaking 17.2 million request-per-second (rps) DDoS attack. It happened earlier this summer and was three times larger than any previous attack Cloudflare is aware of.
Volumetric DDoS
As a comparison, Cloudflare said that in Q2 2021 it served over 25 million HTTP requests per second on average. This DDoS attack reached 68% of that traffic. This attack, along with additional ones, were automatically detected and mitigated with the company’s autonomous edge DDoS protection systems.
The attack originated from a botnet with over 20,000 nodes in 125 countries. The target was a Cloudflare customer in the financial industry. About 15% of the botnet originated from Indonesia and another 17% was from India and Brazil combined. This botnet had been detected twice in the past several weeks. Last week it targeted a different Cloudflare customer with an 8 million rps DDoS attack.