Back in July, Cloudflare was able to thwart a 17.2 million request-per-second (rps) DDoS attack, which was almost three times larger than any previously recorded DDoS attack.
To put this in perspective, Cloudflare points out in a new blog post that it served 25m HTTP requests per second on average during Q2 2021, which means the attack generated 68 percent of its Q2 average rps rate of legitimate HTTP traffic.
The botnet used to launch this attack has reappeared at least twice in recent weeks, and Cloudflare says that it was also used to target one of its customers in the web hosting industry with an HTTP DDoS attack that peaked just below 8m rps.
Automated DDoS detection and mitigation
Cloudflare was able to stop this massive attack and others like it thanks to its autonomous edge DDoS protection systems that are capable of automatically detecting and mitigating DDoS attacks.
The system is powered by the company’s own denial of service daemon (dosd), which is a home-grown software-defined daemon. Cloudflare runs a unique dosd instance on every server housed in its data centers around the world.
Each dosd instance independently analyzes traffic samples out-of-path, which allows the company to scan for DDoS attacks asynchronously without introducing latency or impacting performance. Findings related to DDoS attacks are then shared between the dosd instances in a data center to serve as a form of proactive threat intelligence sharing.
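The out-of-path analysis and finding-sharing described above, as an added Python illustration that is not Cloudflare's dosd code. The sampling rate, window, threshold, fingerprint fields and all class and function names are assumptions made for the example.

```python
from collections import Counter

SAMPLE_RATE = 100      # assumed: 1 in 100 requests is copied out-of-path
WINDOW_S = 1.0         # assumed analysis window, in seconds
THRESHOLD_RPS = 5_000  # assumed per-fingerprint rate that counts as an attack

class Instance:
    """Hypothetical per-server analyzer; it only ever sees sampled copies."""

    def __init__(self, name):
        self.name = name
        self.peers = []    # other instances in the same data center
        self.samples = []  # (timestamp, fingerprint) pairs
        self.rules = {}    # fingerprint -> name of the instance that found it

    def observe(self, ts, fingerprint):
        """Record one sampled request; live traffic is never held up."""
        self.samples.append((ts, fingerprint))

    def analyze(self, now):
        """Estimate rps per fingerprint from the samples in the last window."""
        self.samples = [(t, f) for t, f in self.samples if now - t <= WINDOW_S]
        findings = []
        for fp, n in Counter(f for _, f in self.samples).items():
            est_rps = n * SAMPLE_RATE / WINDOW_S  # scale samples back up
            if est_rps >= THRESHOLD_RPS and fp not in self.rules:
                self.rules[fp] = self.name
                findings.append((fp, est_rps))
                for peer in self.peers:  # share the finding with peers
                    peer.rules.setdefault(fp, self.name)
        return findings

    def should_drop(self, fingerprint):
        return fingerprint in self.rules

def demo():
    a, b = Instance("srv-a"), Instance("srv-b")
    a.peers, b.peers = [b], [a]
    flood = ("example.test", "/login", "bot/1.0")  # constructed fingerprint
    normal = ("example.test", "/", "browser")      # constructed fingerprint
    for i in range(80):  # 80 samples in the window, about 8,000 rps estimated
        a.observe(10.0 + i / 100, flood)
    for i in range(5):   # 5 samples in the window, about 500 rps estimated
        a.observe(10.0 + i / 10, normal)
    findings = a.analyze(now=10.9)
    # srv-b saw no flood samples itself but already holds the shared rule
    return findings, b.should_drop(flood), b.should_drop(normal)
```
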
Due to the global scale and reliability of its network along with this autonomous approach, Cloudflare can mitigate attacks that reach 68 percent of its average per-second rate and higher without the need for manual mitigation by its staff.
While Cloudflare was able to stop this 17.2m rps DDoS attack, there will likely be larger attacks in the future as cybercriminals devise new attack methods and the botnets used to carry out these attacks continue to add more IoT and other devices to their ranks.