The Cloudflare Blog: Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack

Jun 19, 2025

—

Source URL: https://blog.cloudflare.com/defending-the-internet-how-cloudflare-blocked-a-monumental-7-3-tbps-ddos/
Source: The Cloudflare Blog
Title: Defending the Internet: how Cloudflare blocked a monumental 7.3 Tbps DDoS attack

Feedly Summary: In mid-May 2025, blocked the largest DDoS attack ever recorded: a staggering 7.3 terabits per second (Tbps).

AI Summary and Description: Yes

**Summary:** This text details Cloudflare’s successful mitigation of a record-breaking DDoS attack of 7.3 Tbps, showcasing their advanced DDoS protection systems and techniques. The significance of the report lies in the innovative use of decentralized data centers and autonomous traffic management strategies that can help organizations enhance their DDoS defenses.

**Detailed Description:**
The provided text offers an in-depth analysis of Cloudflare’s mitigation of the largest recorded Distributed Denial-of-Service (DDoS) attack in history, highlighting several critical aspects relevant to security professionals. The attack, measured at 7.3 terabits per second (Tbps), represents a significant milestone in the landscape of internet security and challenges faced by hosting providers and critical internet infrastructure.

– **Record-Breaking Attack:** Cloudflare successfully blocked a 7.3 Tbps DDoS attack, marking a new record for attack size.
– **Attack Details:**
– Delivered a staggering 37.4 terabytes of traffic in just 45 seconds.
– Executed as a multivector attack, primarily utilizing UDP floods, and included several reflection and amplification techniques.
– Originated from over 122,145 unique IP addresses across various countries, highlighting the global threat landscape.

– **Attack Vectors:**
– Description of the types of DDoS attacks (e.g., UDP floods, QOTD reflections, NTP reflections) and strategies for mitigating these threats.
– Explicit preventive measures for organizations to implement to avoid being exploited as reflection/amplification points.

– **Mitigation Strategies:**
– Cloudflare’s DDoS protection was implemented over a distributed network, allowing for the mitigation of attack traffic effectively and efficiently by harnessing global anycast routing.
– Real-time packet sampling and analysis were utilized to identify and defend against attack patterns through automated systems.
– Insight into how attacks were detected and mitigated autonomously, emphasizing the importance of an efficient, fast, and resilient system without human intervention.

– **Implications for Security Professionals:**
– The example provided in the text serves as a case study for organizations looking to improve their DDoS defenses and highlights the importance of having robust security infrastructures.
– Security professionals should take note of the sophisticated techniques employed by attackers and the necessary countermeasures to thwart such attacks.
– The concept of using threat intelligence exchange and shared real-time information about attacks showcases an emerging trend in collaborative defense mechanisms in cybersecurity.

This analysis stresses the continuous evolution of DDoS threats and the importance of adaptive, multi-layered security strategies in protecting critical infrastructure while retaining service quality for legitimate traffic.

1 2 2025 3 4 5 7 a adaptive addresses advanced AI analysis and anycast art as attack attack patterns attack vector attack vectors attackers attacks Auto Automated Systems autonomous being Bi by Byte C case study centers challenges CI Cloud Cloudflare co Col collaborative concept continuous evolution Countermeasures critical critical infrastructure cross cyber cybersecurit Cybersecurity D data data center data centers DDoS DDoS attack DDoS attacks DDoS protection de decentralized defense defense mechanism defense mechanisms defenses denial depth distributed network DoS DoS attack DoS attacks e effective efficient emerging end Entra event exp exploit face fast for full g Gen git H high Highlight hosting hosting provider HR http HTTPS human implications implications for security in information infrastructure infrastructures Intel intelligence inter intern internet internet infrastructure internet security io IP addresses ite J Just k l Labor land large layered security led Li low M man management management strategies measures mid milestone mitigation mitigation strategies multi N network new no NTP o of off on one organization organizations ory oS oS attack oS attacks oS protection out over patterns phi point pre preventive measures pro professionals protection ps Q quality R rate RCE real real-time record red Reflection report Resil Ro robust security RoT routing s sam sampling sec security security infrastructure security professionals security strategies service SHA Sig size source SSE strategies structures study system systems T Tails tech techniques ted text the threat threat intel threat intelligence threat landscape threats Time time information to Tor TP traffic Traffic Management trie two type UDP US use V vectors Wi x yt