The Largest-Ever DDos Attack Stopped in Its Tracks

Cloudflare claims to have identified and closed the lid on a DDoS attack of 17.2 million request-per-second magnitudes, which is said to be about three-fold of the previous record holder.

Sept. 3, 2021, 10:24 p.m.

TL;DR

Cloudflare, on August 19, 2021, released a report that seized the headlines. The groundbreaking report detailed how Cloudflare's Cloudflare’s autonomous edge DDoS protection systems automatically flagged a DDos attack rated at 17.2million request-per-second (rps).

The more the requests, the more the magnitude of the attack.

Key Facts

1
The magnitude of this attack has never been recorded in Cloudflare's history of DDoS attacks.
2
The DDoS attack was automatically detected by a nemesis-like security software built by Cloudflare.
3
The main target of this attack was a Cloudflare client rooted in finances.
4
The attack was traced to over 20,000 bots from over half the countries on Planet Earth.
5
The previous most significant DDoS attack in Cloudflare's records was reported at less than 8million rps.

Details

Just two weeks after over a dozen UDP and TCP-based DDoS attacks with a maximum peak of 1.2 Tbps by a Mirai-variant botnet was detected by Cloudflare, the web performance and security firm recorded another DDoS attack. However, the latter is of a more ginormous magnitude that's never been seen before. One could call the earlier attempt 'testing the waters.'

The distributed denial-of-service (DDoS) attack takes advantage of its target's network traffic limits. Once determined, threat actors will send multiple requests to stretch and overwhelm the target's infrastructure with internet traffic, running the target website out of its depth and ultimately preventing it from functioning. The more the requests, the more the magnitude of the attack. To line up a sizable amount of requests, threat actors use previously compromised systems to generate network traffic. These systems could be computers or other web services.

Previous reports of DDoS attacks have gained relevance based on the number of requests generated per second (rps). Last week, a Cloudflare client was the target of an HTTP DDoS attack that amassed way less than 8 million rps. Usually, that amount of rps would be dismissed as impossible, but they are with the existence of botnets.

Cloudflare's latest DDoS report claims its anti-DDoS 'autonomous edge DDoS protection systems' automatically detected and thwarted a 17.2 million rps attack. The primary tool Incorporated in the system is Cloudflare's self-built denial of service daemon (dosd), and they have one for each of their data centers placed around the world. The dosd instances monolithically operate and share discoveries as an intelligent network.

Graph of 17.2M requests-per-second

Upon detection of an attack, Cloudflare's dosd systems move to reduce impact with a real-time syntax familiar to the attack patterns. Many technical operations are performed to ensure Cloudflare can deal with attacks of such magnitude without suffering on the performance end. Cloudflare leverages this system along with its pre-existing, reputational geographical scale and reliability to reduce attacks reaching 68% of its usual per-second rate or higher without the intervention of Cloudflare personnel.

A powerful botnet launched this attack against a Cloudflare client in the financial industry. Within seconds, the botnet flooded Cloudflare's servers with over 330 million attack requests. The attack traffic was traced back to over 20,000 bots in 125 countries around the world. Indonesia had the most amount of bots, with 15% coming from there alone; then 17% from Brazil and India combined.