Cloudflare on Monday stated it blocked the most important distributed denial-of-service (DDoS) assault ever recorded, at 11.5 Tbps (Terabits per second).
In a brief message on X, Cloudflare solely shared that the assault was a UDP flood that primarily originated from Google Cloud infrastructure and that it lasted roughly 35 seconds.
“Cloudflare’s defenses have been working time beyond regulation. Over the previous few weeks, we’ve autonomously blocked lots of of hyper-volumetric DDoS assaults, with the most important reaching peaks of 5.1 Bpps and 11.5 Tbps. The 11.5 Tbps assault was a UDP flood that primarily got here from Google Cloud,” the corporate stated.
A UDP flood assault consists of a excessive quantity of UDP (Person Datagram Protocol) packets being despatched to a goal, which turns into overwhelmed and unresponsive when making an attempt to course of and reply to them.
Picture Credit score: Cloudflare
As a result of UDP packets are small and the receiver spends assets attempting to course of them, the attackers additionally elevated the packet charge to five.1 Bpps (billion packets per second) to deplete these assets and take down the goal.
This record-setting DDoS assault takes the lead as the most important in historical past roughly three months after Cloudflare blocked a 7.3 Tbps DDoS assault.
Seen in mid-Could, the assault focused a internet hosting supplier and lasted for under 45 seconds. Roughly 37.4 Tb of site visitors, or the equal of over 9,000 HD motion pictures, was delivered within the timeframe.
The identical because the newly noticed assault, the Could DDoS assault primarily consisted of UDP floods. It originated from over 122,000 IP addresses.
Cloudflare mitigated 27.8 million DDoS assaults within the first half of 2025, a quantity that surpassed the whole noticed in 2024 (21.3 million HTTP and Layer 3/4 DDoS assaults).Commercial. Scroll to proceed studying.
Associated: Arch Linux Undertaking Responding to Week-Lengthy DDoS Assault
Associated: ‘MadeYouReset’ HTTP2 Vulnerability Permits Huge DDoS Assaults
Associated: Cloudflare Places a Default Block on AI Net Scraping
Associated:Europol Broadcasts Extra DDoS Service Takedowns, Arrests
