date 2023-06-25
from the faster-than-downloading-your-steam-library dept.
This is the largest DDoS attack ever on record, so far.
Internet security provider Cloudflare said that it has recently blocked the largest DDoS attack in recorded history, with one of its clients being targeted by a massive cyber assault that saw its IP address flooded with 7.3 Tbps of junk traffic. The total amount of data sent to the target was 37.4 terabytes, which might not seem incredible at first glance, says The Cloudflare Blog. However, the speed at which that data was delivered is astounding, as it was all sent in less than a minute. For context, 37.4TB translates roughly to 9,350 high-definition movies, over 9 million songs, or 12.5 million photos — transferred in just 45 seconds.
The attackers used multiple attack vectors, primarily exploiting the User Datagram Protocol (UDP) for its quick delivery method versus the usual TCP that most internet traffic uses. UDP is preferred in applications that require real-time response, such as video streaming, online gaming, and virtual meetings. That’s because it does not wait for the two devices talking over the internet to have a proper handshake. Instead, it sends the data and hopes the other party receives it. Because of this, UDP flood attacks are one of the most common tools in DDoS campaigns.
Because of this, the perpetrators could simply send traffic to all the ports on their target. Since the target must respond to each query, the flood would soon overwhelm its resources, especially with the massive amount of information transferred in this incident.
The threat actors also used reflection attacks to supplement their main push. This is also called a reflection/amplification attack, as the attacker spoofs the target’s IP address and then requests information from a third party, which can be a Network Time Protocol service or a host answering the Quote of the Day (QOTD) or Echo protocols. The third party would then respond with the appropriate data and send it to the victim's address. If the attacker sends enough requests, it could overwhelm the target IP unless it uses proper protection.
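A defender-side sketch of how the vectors described above can be told apart in flow data, added here as an example and not taken from the article or from Cloudflare: reflected traffic arrives from the reflector's service port (NTP 123, QOTD 17, Echo 7), while a direct UDP flood lands on ports with no listener. The flow records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP service ports of the reflector protocols named in the article.
REFLECTOR_PORTS = {7: "echo", 17: "qotd", 123: "ntp"}

# Constructed sample flow records: (src_ip, src_port, dst_port, bytes).
# Addresses come from documentation ranges (RFC 5737); this is not real traffic.
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, 40211, 468_000),
    ("198.51.100.11", 123, 51873, 472_000),
    ("203.0.113.5", 17, 33012, 90_000),
    ("203.0.113.9", 7, 2201, 60_000),
    ("192.0.2.44", 50122, 8080, 1_400_000),
    ("192.0.2.45", 61001, 31337, 1_350_000),
    ("192.0.2.46", 44871, 53, 1_380_000),
    ("192.0.2.47", 39114, 443, 1_420_000),
]

def classify(src_port, dst_port, listening_udp_ports):
    """Label one inbound UDP flow by its likely vector (a heuristic, not proof)."""
    # A reflector answers from its service port, so the source port gives it away.
    # Caveat: a host that is itself an NTP client also sees legitimate port-123 replies.
    if src_port in REFLECTOR_PORTS:
        return "reflection/" + REFLECTOR_PORTS[src_port]
    # Direct flood sprayed across ports: nothing is listening on the destination.
    if dst_port not in listening_udp_ports:
        return "flood/no-listener"
    return "to-service"

def summarise(flows, listening_udp_ports=frozenset()):
    """Return {vector: (total_bytes, distinct_source_count)}."""
    byte_count = defaultdict(int)
    sources = defaultdict(set)
    for src_ip, src_port, dst_port, nbytes in flows:
        vector = classify(src_port, dst_port, listening_udp_ports)
        byte_count[vector] += nbytes
        sources[vector].add(src_ip)
    return {v: (byte_count[v], len(sources[v])) for v in byte_count}

def byte_share(summary):
    """Percentage of total bytes per vector, rounded to one decimal place."""
    total = sum(b for b, _ in summary.values())
    return {v: round(100 * b / total, 1) for v, (b, _) in summary.items()}

if __name__ == "__main__":
    s = summarise(SAMPLE_FLOWS)
    for vector, pct in sorted(byte_share(s).items(), key=lambda kv: -kv[1]):
        print(f"{vector:20s} {pct:5.1f}%  sources={s[vector][1]}")
```

Passing the set of UDP ports the host really serves as `listening_udp_ports` separates traffic aimed at a live service from traffic that can be dropped upstream without inspection.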
Unfortunately, this isn’t the first time a record-breaking DDoS attack has happened recently. Microsoft was hit with a record-breaking 3.47 Tbps DDoS attack in January 2022, but this was surpassed in October 2024 with a 5.6 Tbps attack on an internet provider in East Asia. April 2025 again saw another massive attack, with a 6.5 Tbps assault lasting almost 49 seconds, which Cloudflare reported.
Although there are already protections to prevent DDoS attacks from knocking out servers and websites, many threat actors still use botnets with access to tens, if not hundreds, of thousands of compromised devices. After all, this is a relatively cheap and easy way of testing a target’s defenses, with some even using it to extort online businesses so that such attacks would not target them.
(Score: 4, Interesting) by looorg on Tuesday June 24, @08:52AM
Who was the victim? Seems like that would have been a fairly important detail in this massive never before seen attack. It could have revealed a lot of the why.
(Score: 3, Informative) by shrewdsheep on Tuesday June 24, @09:28AM (2 children)
Which is untrue. First, the target will, in general, not respond to most queries. Instead most packages will be dropped. Second, packages will be received and headers will be parsed but that does not imply resources will be overwhelmed. This will only happen if legitimate queries will be made that consume CPU on the server and the server has no throttling mechanisms to assure proper operation.
Outside users will be denied access as the connection is saturated.
(Score: 3, Interesting) by pkrasimirov on Tuesday June 24, @10:00AM
> Which is untrue. First, the target will, in general, not respond to most queries. Instead most packages will be dropped.
Given the attack was via UDP and on random ports, that is correct. Most of these won't even parse anything as they would hit no listener. However even this little "if ... then drop" can overwhelm the server, given the massive amount of such operations to perform. I didn't find the packet size or number of packets in TFA but assuming 1500 bytes per packet that's 27 414 489 919 packets to handle.
> Estimating time to handle 27,414,489,919 packets:
> At 1,000 packets per second (a modest rate for a normal server), it would take about 317 days to receive all packets.
> At 10,000 packets per second (highly optimized server), it would take about 31.7 days.
> At 1,000,000 packets per second (very high-end hardware and tuning), it would take about 7.6 hours.
> Given typical server hardware and no listener on the port, the realistic processing rate is likely closer to a few thousand packets per second, so handling 27 billion packets would take on the order of weeks to months.
The above accounts for the NIC more than the raw CPU power.
So in reality it's only possible to stop this as close to the entry point as possible. For example if the host never opened for UDP in the first place, they know they can simply drop everything UDP with that IP as destination.
(Score: 4, Touché) by janrinok on Tuesday June 24, @10:13AM
But isn't that the precise purpose of a DDoS? Sounds like it achieves the aim but you are arguing that the CPU isn't overwhelmed. If the site is unusable does it matter which weak link is responsible?
