Massive 7.3 Tbps DDoS Attack Sends 37.4 Terabytes of Traffic in Under a Minute

In mid-May 2025, Cloudflare autonomously blocked the largest distributed denial-of-service (DDoS) attack ever recorded, peaking at 7.3 terabits per second (Tbps).

The assault targeted a hosting provider customer, delivering 37.4 terabytes of data in just 45 seconds, equivalent to flooding a network with 9,350 HD movies or 9.35 million songs in under a minute.

This attack surpassed Cloudflare’s previous record of 6.5 Tbps (April 2025) by 12% and exceeded a recent attack on KrebsOnSecurity by 1 Tbps.

Attack Mechanics and Origins

The attack was a multivector barrage, with 99.996% classified as UDP floods aiming to saturate network links.

The remaining 0.004% (1.3 GB) included:

• Reflection/amplification techniques: QOTD (UDP/17), Echo (UDP/7), NTP (UDP/123), Portmap (UDP/111), and RIPv1 (UDP/520)1.
• Botnet involvement: Mirai-generated UDP floods from compromised IoT devices.

Originating from 122,145 unique IP addresses across 5,433 autonomous systems in 161 countries, nearly half the traffic emanated from Brazil and Vietnam.

Other significant sources included Taiwan, China, Indonesia, and the United States.

Autonomous Mitigation System

Cloudflare neutralized the attack using global anycast routing, distributing traffic across 477 data centers in 293 locations.

Key defenses included:

1. Real-time fingerprinting: Linux kernel eBPF programs sampled packets to identify attack patterns via the dosd heuristic engine.
2. Autonomous mitigation: Threshold-triggered eBPF rules dropped malicious packets within seconds, with no human intervention.
3. Global threat intelligence: Servers “gossiped” fingerprint data across data centers to refine mitigation accuracy.

This incident underscores the escalating scale of DDoS threats against critical infrastructure and the efficacy of automated, always-on protection systems in sustaining internet resilience.

Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates