Cloudflare claims it recently stopped the largest HTTPS DDoS attack ever seen on the Internet. The company detected and mitigated a DDoS attack with 26 million requests per second (RPS). The attack occurred last week and was against a website using Cloudflare’s free plan.
The attacker behind this DDoS attack likely used hijacked servers and virtual machines to send such a large number of HTTPS requests. Cloudflare says that the attacker also used a powerful botnet of 5,067 devices, each capable of generating around 5,200 requests per second at peak.
In less than 20 seconds, the botnet generated more than 212 million HTTPS requests from more than 1,500 networks located across 121 countries. Most requests came from Indonesia, the United States, Brazil, and Russia.
Cloudflare has an autonomous edge DDoS protection system that automatically detects DDoS attacks and then mitigates them using the HTTP DDoS Managed Ruleset. The company notes that HTTPS DDoS attacks are more expensive, so this attack cost the attacker more to launch.
“We’ve seen very large attacks in the past over (unencrypted) HTTP, but this attack stands out because of the resources it required at its scale,” said Cloudflare in a blog post.
Back in April 2022, Cloudflare also mitigated a 15.3 million rps attack, and in August 2021 a short-lived HTTP DDoS attack that peaked at 17.2 million rps.

