Cloudflare mitigates biggest ever DDoS attack, which tried to pelt its target with 11.5 Tbps of data in less than a minute

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Email

Share this article

1

Join the conversation

Follow us

Add us as a preferred source on Google

Newsletter

Get the PC Gamer Newsletter

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors

---

By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

---

Want to add more newsletters?

Every Friday

GamesRadar+

Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.

Signup +

Every Thursday

GTA 6 O'clock

Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.

Signup +

Every Friday

Knowledge

From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.

Signup +

Every Thursday

The Setup

Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.

Signup +

Every Wednesday

Switch 2 Spotlight

Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.

Signup +

Every Saturday

The Watchlist

Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.

Signup +

Once a month

SFX

Get sneak previews, exclusive competitions and details of special events each month!

Signup +

---

An account already exists for this email address, please log in.

Subscribe to our newsletter

Is it a day ending in 'y'? Well then that makes it just about time for Cloudflare to announce it's mitigated yet another record-breaking DDoS attack—this time to the tune of 11.5 Tbps (that's terabits per second) at its peak. Might as well add 'hyper-volumetric DDoS attack' to my list of sleep paralysis nightmares.

Anyway, Cloudflare shared on X that the attack in question was specifically a UDP flood-style attack. Cloudflare have their own helpful explainer of what this style of attack entails, but another way to describe it would be to deploy another of my tried and true club metaphors.

So picture this: rather than rocking up to the club and pinning all of your hopes on one fake ID, you instead fling fistfuls of counterfeit credentials at the bouncer and, in the ensuing confusion, tear inside the club. Whatever you do in there takes the fine establishment out of commission for the rest of the night.

This specific attack attempted to overwhelm its target with 5.1 billion packets per second (that's a whole lot of 'fake IDs'). Cloudflare say it successfully mitigated the attack, which only lasted about 35 seconds in the end.

Originally, Cloudflare said it had traced the attack to somewhere within Google Cloud but a more complex picture has since emerged. In a recent update, Cloudflare posted that the attack came from a number of cloud service providers as well as internet of things type devices. The company clarified, "While Google Cloud was one source, it was not the majority."

Cloudflare says that a more in-depth breakdown of this doozy of a DDoS attack will feature in its next report—and I, for one, cannot wait to get into all of the metaphorical club gossip. Especially as this recent attack makes the previous record breaker—an attack Nick helpfully described as comparable to "over 260 copies of Baldur's Gate 3 in less than a minute"—seem like a downright forgettable drop of tea.

Besides mitigating massive DDoS attacks, Cloudflare has also been in the news for its Pay Per Crawl scheme. Rather than AI crawlers hoovering up your website data completely unfettered, Cloudflare now automatically blocks the bots, with the Pay Per Crawl scheme allowing creators to 'opt in' and get paid.

Considering figures from last year suggested that bots account for half of global web traffic, charging AI companies for the privilege of slurping up 'training data' is hardly an unpopular idea. However, not everyone wanted to play by Cloudflare's rules, resulting in a post calling out AI search engine company Perplexity for "using stealth, undeclared crawlers to evade website no-crawl directives." Perplexity clapped back by calling the company "more flair than cloud." Might want to go back to the drawing board on that one…

Best gaming PC 2025

👉Check out our full guide👈

1. Best overall:
HP Omen 35L

2. Best budget:
Lenovo Legion Tower 5i

3. Best high-end:
Corsair Vengeance A7500

4. Best compact:
Velocity Micro Raptor ES40

5. Alienware:
Alienware Area-51

6. Best mini PC:
Minisforum AtomMan G7 PT