Microsoft Stopped an Insane 3.47 Tbps DDoS Attack


Microsoft’s Azure cloud division shared that it stopped a 3.47 Tbps DDoS attack, and two other attacks that were over 2.5 Tbps.

3.47 Tbps DDoS

The company says it happened in November 2021. The attack had a throughput of 3.47 Tbps (terabits per second), making it the largest DDoS so far. It had a packet rate of 340 million pps (packets per second), and the target was an Azure customer in Asia.

The attack originated from about 10,000 sources in multiple countries such as the United States, China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and Taiwan. The attack lasted about 15 minutes.

In December, Microsoft mitigated two more attacks that were over 2.5 Tbps, again targeting customers in Asia. One was a 3.25 Tbps UDP attack in Asia on ports 80 and 443, lasting more than 15 minutes with four main peaks, the first at 3.25 Tbps, the second at 2.54 Tbps, the third at 0.59 Tbps, and the fourth at 1.25 Tbps. The other attack was a 2.55 Tbps UDP flood on port 443 with one single peak, and lasted just over five minutes.

DDoS

DDoS, or distributed denial-of-service attack, is crude but can be effective if you don’t have the protection of Microsoft, Cloudflare, or others. A useful analogy for a DDoS is a traffic jam: machines send a flood of junk data to a victim in the hopes of blocking the legitimate network traffic. A successful attack can knock servers offline. The attacking machines are part of a botnet, as with the 3.47 Tbps attack and its 10,000 machines.

There are different types of DDoS attacks depending on which layer of the network is affected. Application layer attacks, HTTP flood, protocol attacks, SYN flood, and volumetric attacks are examples, and each one can achieve different things. Microsoft says the 3.47 Tbps attack was through UDP reflection on port 80.
