30.06.2025 19:03:00
Дата публикации
In May 2025, Cloudflare successfully mitigated one of the largest DDoS attacks in internet history. The target was a major hosting provider using the Magic Transit service. Despite the unprecedented traffic volume, the defense system responded automatically — with no user disruption and no manual input.
The attack lasted just 45 seconds but generated tens of terabytes of malicious traffic. It originated from over 120,000 IP addresses across 161 countries, with the highest activity from Brazil, Vietnam, Taiwan, and China.
What made the attack unique was its dispersion: packets were sent to tens of thousands of ports simultaneously. This overwhelmed even advanced filtering systems. At peak, the network saw over 34,000 requests per second.
The primary vector was UDP flooding, but legacy methods like QOTD, Echo, NTP amplification, Mirai botnet activity, and RIPv1 exploits were also detected. Though minor in volume, these added diagnostic complexity and probed for weaknesses.
Experts say this multi-vector approach signals a sophisticated, layered attack — not brute force, but a coordinated operation with reconnaissance elements.
The key to defense was Cloudflare’s Anycast architecture, which distributed traffic across 477 global data centers. Each node identified and neutralized threats in real time, without human oversight.
All decisions were made by algorithms. This allowed the system to stop the attack before it impacted the client or triggered service degradation. Such automation is becoming essential for critical infrastructure protection.
Cloudflare emphasizes: manual response is no longer viable. Only automation, scalability, and distributed infrastructure can counter today’s evolving threats.
The attack lasted just 45 seconds but generated tens of terabytes of malicious traffic. It originated from over 120,000 IP addresses across 161 countries, with the highest activity from Brazil, Vietnam, Taiwan, and China.
What made the attack unique was its dispersion: packets were sent to tens of thousands of ports simultaneously. This overwhelmed even advanced filtering systems. At peak, the network saw over 34,000 requests per second.
The primary vector was UDP flooding, but legacy methods like QOTD, Echo, NTP amplification, Mirai botnet activity, and RIPv1 exploits were also detected. Though minor in volume, these added diagnostic complexity and probed for weaknesses.
Experts say this multi-vector approach signals a sophisticated, layered attack — not brute force, but a coordinated operation with reconnaissance elements.
The key to defense was Cloudflare’s Anycast architecture, which distributed traffic across 477 global data centers. Each node identified and neutralized threats in real time, without human oversight.
All decisions were made by algorithms. This allowed the system to stop the attack before it impacted the client or triggered service degradation. Such automation is becoming essential for critical infrastructure protection.
Cloudflare emphasizes: manual response is no longer viable. Only automation, scalability, and distributed infrastructure can counter today’s evolving threats.
