Cloudflare Reports 5.6 Tbps DDoS Attack — Largest Ever Recorded

Cloudflare has recorded and mitigated the largest Distributed Denial of Service (DDoS) attack in internet history — a staggering 5.6 terabits per second (Tbps) targeting a major internet infrastructure provider. The attack lasted 80 seconds and originated from over 13 million compromised IoT devices across 125 countries.

Attack Details

The attack peaked at 5.6 Tbps, nearly doubling the previous record of 3.8 Tbps set in 2024. Cloudflare’s autonomous DDoS protection system detected and mitigated the traffic without human intervention in under 20 seconds.

• Peak volume: 5.6 Tbps
• Duration: 80 seconds
• Attack type: UDP flood using Mirai botnet variant
• Source IPs: 13.2 million across 125 countries
• Target: Unnamed internet infrastructure provider in Eastern Asia

How Cloudflare Stopped It

Cloudflare’s global Anycast network spread the attack traffic across its 300+ data centers worldwide, ensuring no single point was overwhelmed. Their autonomous edge DDoS protection system — running without routing traffic to a centralized scrubbing center — processed and blocked the traffic at line rate.

The Growing DDoS Threat

DDoS attacks have grown dramatically in scale over the past three years, driven by:

• Explosion of insecure IoT devices (cameras, routers, smart TVs)
• Botnet-as-a-service platforms available for as little as $30/hour
• Amplification techniques using DNS, NTP, and QUIC protocols
• AI-optimized attack patterns that probe defenses before peak floods

How to Protect Your Infrastructure

# Check if your server is responding to amplification attacks
# UDP port 53 (DNS) - should not respond to external queries
nmap -sU -p 53 your-server-ip

# Check NTP amplification exposure
ntpdc -n -c monlist your-server-ip

# Rate limit UDP on Linux
iptables -A INPUT -p udp --dport 53 -m limit --limit 100/s --limit-burst 200 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j DROP

The SudoFlare Takeaway

If you run any internet-facing service, DDoS protection is no longer optional. Services like Cloudflare, AWS Shield Advanced, or Akamai Prolexic are essential for anything beyond personal projects. The barrier to launching a multi-Tbps attack is now measured in tens of dollars.