Cloudflare Says It Mitigated a Record-Breaking 17.2 Million HTTP RPS DDoS Attack

Internet infrastructure company Cloudflare disclosed today that it mitigated the largest volumetric distributed denial of service attack that was recorded to date. From a report: The attack, which took place last month, targeted one of Cloudflare’s customers in the financial industry. Cloudflare said that a threat actor used a botnet of more than 20,000 infected devices to flung HTTP requests at the customer’s network in order to consume and crash server resources.

Called a volumetric DDoS, these are different from classic bandwidth DDoS attacks where threat actors try to exhaust and clog up the victim’s internet connection bandwidth. Instead, attackers focus on sending as many junk HTTP requests to a victim’s server in order to take up precious server CPU and RAM and prevent legitimate users from using targeted sites. Cloudflare said this attack peaked at 17.2 million HTTP requests/second (rps), a figure that the company described as almost three times larger than any previous volumetric DDoS attack that was ever reported in the public domain.