Cyber Security News

Largest HTTP DDoS Attack That Peaking At 17.2 Million Requests Per Second

Cloudflare stated that it mitigated a 17.2 million request-per-second (rps) DDoS attack, an attack about three times larger than any previous one that was recorded so far.

This attack took place earlier last month, targeted one of Cloudflare’s customers in the financial industry. The company said that a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer’s network to consume and crash server resources.

Largest HTTP DDoS Attack

Cloudflare serves over 25 million HTTP requests per second on average, that is, to the average rate of legitimate traffic in 2021 Q2. This attack reached 68% of our Q2 average rps rate of legitimate HTTP traffic.

Cloudflare’s Average Request Per Second Rate Versus The DDoS Attack

This attack was automatically detected and mitigated by Cloudflare’s autonomous edge DDoS protection systems.

“Analyzing traffic out-of-path allows us to scan asynchronously for DDoS attacks without causing latency and impacting performance”, Cloudflare says.

The report mentions that this autonomous approach, along with the company’s network’s global scale and reliability, help to mitigate attacks that reach 68% of average per-second-rate, and higher, without requiring any manual mitigation or performance degradation.

This attack was launched by a powerful botnet, the company says within seconds, the botnet bombarded the Cloudflare edge with over 330 million attack requests. The attack traffic originated from more than 20,000 bots in 125 countries around the world. Based on the bots’ source IP addresses, almost 15% of the attack originated from Indonesia and another 17% from India and Brazil combined.

Graph of 17.2M rps Attack

The report says the attack also targeted a different Cloudflare customer, a hosting provider, with an HTTP DDoS attack that peaked just below 8 million rps.

The attack target was a major APAC-based Internet service, telecommunications and hosting provider and a gaming company.

How to Stay Protected?

  • Onboard to Cloudflare to protect your Internet properties.
  • DDoS is enabled out of the box, and you can also customize the protection settings.
  • Ensure that both your Cloudflare settings and your origin server settings are optimized. If possible, ask your upstream Internet Service Provider (ISP) to apply an access control list (ACL), or else, attackers may target your servers’ IP addresses directly and bypass your protection.
  • Change the default username and password of any device that is connected to the Internet such as smart cameras and routers.

Protect your home against malware with Cloudflare for Families. Cloudflare for Families is a free service that automatically blocks traffic from your home to malicious websites and malware communication.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.


Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

12 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

15 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

15 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

17 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

18 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

19 hours ago