Cloudflare Thwarts Largest DDoS Attack in Internet History

Two attacks on the same target, one going after CPU exhaustion, the other after bandwidth. Both massive.

Cloudflare's DDoS protection systems have mitigated a month-long campaign of hyper-volumetric attacks, including the largest ever publicly disclosed at 3.8 Tbps. Throughout September, the company's defenses automatically handled over 100 attacks exceeding 2 billion packets per second and 3 terabits per second.

I wish we knew the target; this looks expensive.

source: Cloudflare

Why It Matters: These unprecedented attacks have the potential to take down unprotected Internet properties and even those protected by on-premise equipment or cloud providers with insufficient capacity.

Key Details:

  • Attacks targeted multiple customers in financial services, Internet, and telecommunication industries

  • High packet rate attacks originated from compromised devices including MikroTik devices, DVRs (?!), and Web servers

  • High bitrate attacks came from a large number of compromised ASUS home routers, likely exploiting a recent critical vulnerability (CVE-2024-3080; CVSS: 9.8)

  • Attacks predominantly leveraged UDP on a fixed port, originating globally with larger shares from Vietnam, Russia, Brazil, Spain, and the US

Cloudflare's anycast network and autonomous detection systems were key to mitigating these massive attacks. TL;DR: anycast means they announce a single IP address from multiple data centers, and the network routes each packet to the nearest one (usually the geographically closest).

The company's global infrastructure spreads attack traffic across multiple data centers, while real-time signature generation and XDP-based packet processing allow for efficient mitigation.
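
A simplified sketch of signature generation for the traffic pattern described above (UDP to a fixed port from many sources), added here as an illustration and not Cloudflare's code. It takes sampled packet headers, finds the dominant protocol/port pair, and emits a signature only when the estimated rate and traffic share both cross thresholds. The sample rate, thresholds, port 9999 and all sample data are assumptions constructed for the example.

```python
# Added illustration: dominant-tuple signature detection over sampled packet headers.
from collections import Counter
from typing import NamedTuple, Optional

class Sample(NamedTuple):
    ts: float      # capture time, seconds
    src: str       # source IP
    proto: str     # "udp" or "tcp"
    dport: int     # destination port
    length: int    # packet size, bytes

class Signature(NamedTuple):
    proto: str
    dport: int
    est_pps: float   # estimated packets per second on the wire
    est_bps: float   # estimated bits per second on the wire
    sources: int     # distinct source IPs seen in the samples

def generate_signature(samples, sample_rate, window_s, pps_threshold,
                       share_threshold=0.8) -> Optional[Signature]:
    """Return a signature when one (proto, dport) pair dominates the last window."""
    if not samples:
        return None
    latest = max(s.ts for s in samples)
    recent = [s for s in samples if latest - s.ts < window_s]
    (proto, dport), hits = Counter((s.proto, s.dport) for s in recent).most_common(1)[0]
    # Each sample stands for `sample_rate` packets on the wire.
    est_pps = hits * sample_rate / window_s
    if est_pps < pps_threshold or hits / len(recent) < share_threshold:
        return None
    matched = [s for s in recent if (s.proto, s.dport) == (proto, dport)]
    est_bps = sum(s.length for s in matched) * 8 * sample_rate / window_s
    return Signature(proto, dport, est_pps, est_bps, len({s.src for s in matched}))

def constructed_baseline():
    # Constructed sample data: ordinary HTTPS and DNS traffic.
    web = [Sample(100.0 + i * 0.04, f"203.0.113.{i + 1}", "tcp", 443, 600) for i in range(20)]
    dns = [Sample(100.8 + i * 0.04, f"203.0.113.{i + 50}", "udp", 53, 80) for i in range(5)]
    return web + dns

def constructed_flood():
    # Constructed sample data: UDP to one fixed port (9999 is arbitrary) from 250 sources.
    return [Sample(100.0 + i * 0.001, f"198.51.100.{i % 250 + 1}", "udp", 9999, 1400)
            for i in range(500)]

if __name__ == "__main__":
    print(generate_signature(constructed_baseline(), 1000, 1.0, 100_000))
    print(generate_signature(constructed_baseline() + constructed_flood(), 1000, 1.0, 100_000))
```

The signature keys on protocol and destination port rather than source address: with hundreds of distinct sources in the sample, a per-source blocklist would lag behind the traffic, while the fixed-port pattern stays stable.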

"Our software-defined, autonomous DDoS detection and mitigation systems run across our entire network," a Cloudflare representative stated.

I covered the Cloudflare data they released this year that showed how 7% of all Internet traffic is related to a DDoS attack. That’s absolutely nuts to me.

What's Next: This broke the records we’ve seen to date for DDoS. I did a quick search and the record was set just about a year ago and we covered that attack too. As attacker capabilities grow, we can imagine the bar on this will continue to be pushed. Teams are going to need to know their DDoS mitigation strategy if they’re going to keep up.