The Largest HTTPS DDoS Attack in the Cloudflare’s History: Details and Actions

by Dan Goodin
Industry News 10 May 2022

Cloudflare reports about a record-volume HTTPS DDoS attack in the company’s business history. The systems found a 15.3 million request-per-second (RPS) charge and managed to mitigate it. Let us disclose the details. 

Was That The Largest Attack Ever? 

No. There were more powerful attacks. The recent informational pounce was the vastest HTTPS one. Still, the company reported a 17.2M RPS DDoS attack on 19.08.2021 — that one was the largest. 

What Was the DDoSer Targeting? 

The DDoS attack was directed at a Cloudflare customer on the Pro plan. That operation was meant to hinder a crypto launchpad. That launchpad surfaces Defi projects to potentially interested investors. The company also highlights that the system recognized the attacks’ pattern of a botnet under their observation. 

What Was the Attacks’ Traffic? 

The company noticed a compelling detail: the attack’s sources were mostly data centers — the number of bots reached 6,000. One hundred twelve countries became the origin of the mentioned bots. 15% of the whole volume came from Indonesia, Russia, India, Columbia, and the USA. In brief: 

  • 6,000 bots; 
  • The biggest traffic was from Indonesia; 
  • The attack originated from 1,300 networks. 

The top networks were: 

  • German provider Hetzner Online GmbH; 
  • Azteca Comunicaciones Colombia; 
  • OVH in France; 
  • Cloud providers. 

Autonomous System VS the Attack 

The company minimized the damage by using software-defined systems that function independently. That component samples traffic asynchronously and then conducts analysis. If the results indicate an attack, the system mitigates it. That was not the first occurrence in Cloudflares’ business history. So, the system worked as usual. 

Should the Customers Act? 

The company does not agitate customers to take any action. The system functions without drawbacks. So, users have zero reasons to worry about their resources as everything works properly. Moreover, that was not the vastest attack. The distinctive trait of that occurrence is that it was the largest HTTPS one. Still, every user may revise how to customize HTTP DDoS safety settings.

We use cookies on our site to ensure that we give you the best browsing experience. By continuing to browse the site, you agree to this use. For more information on how we use cookies, see our Cookie Policy and Privacy Policy.

Got IT