Cloudflare Stops Over 71 Million RPS Record-Breaking DDoS Attack

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Feb 14, 2023 01:47 am PST

Cloudflare thwarted the largest volumetric distributed denial-of-service (DDoS) attempt ever this past weekend. The company reported that it had stopped dozens of hyper-volumetric DDoS attempts over the weekend that had been directed at its clients. The most extraordinary attack exceeded 71 million requests per second (RPS), according to researchers at Cloudflare named Omer Yoachimik, Julien Desgats, and Alex Forster.

This attack is 35% larger than the previous record-holder, a 46M RPS HTTP DDoS in June 2022. Over 30,000 IP addresses from numerous cloud providers were used in the attacks, which were directed at a wide range of targets, including gaming companies, cloud computing platforms, cryptocurrency corporations, and hosting providers.

DDoS Graph @Cloudflare

Cloudflare’s recent DDoS threat assessment, which presents a bleak picture, is consistent with the trend of more powerful and more frequent DDoS attacks: There was a 79% annual increase in HTTP DDoS attacks and a 67% quarterly increase in volumetric attacks of 100 Gbps or more (QoQ). Compared to the previous quarter, there was an 87% YoY rise in the frequency with which attacks lasted longer than three hours.

After announcing in August 2022 that it had stopped a DDoS attack on HTTPS targeting a Google Cloud Armor customer with 46 million RPS, Google has now announced the results of that attack. The previous record was an HTTPS DDoS of 26 million RPS in June, which Cloudflare successfully mitigated.

Since 2021, when multiple botnets started using powerful machines to launch millions of requests per second against targets, the magnitude of volumetric DDoS attacks has steadily increased. In September 2021, the Mris botnet launched an attack against Yandex with 21.8 million RPS, and it had previously targeted a Cloudflare customer with 17.2 million RPS.

The FBI has taken down numerous websites and arrested six people in connection with the widespread distribution of software known as “Booter” and “Stresser,” which may be used to initiate distributed denial of service assaults.

This action was taken as part of Operation PowerOFF, a more considerable worldwide effort to shut down DDoS-for-hire services coordinated by law enforcement agencies around the world.

The FBI is collaborating with the National Crime Agency in the United Kingdom and the Police of the Netherlands to target people who are looking for DDoS services online by displaying advertisements on search engines.

If you typed in “booter service,” for instance, Google would serve you an ad reading, “Try Googling “DDoS tools” if you want to find them. This is called booting, and it is against the law.”

Previous Record-Setting 17.2 Million RPS DDoS Attack Prevented By Cloudflare Last year

Cloudflare, a company that offers security and online performance services, claims to have discovered and stopped what is likely the greatest volumetric distributed denial-of-service (DDoS) attack ever, which at its peak was making 17.2 million requests per second (RPS).

The attack hit 68% of the average 25 million HTTP requests per second of genuine traffic that Cloudflare served daily during the year’s second quarter, making it almost three times greater than any prior volumetric DDoS attack. In a matter of seconds, it had received more than 330,000,000 attacks.

More than 20,000 bots from 125 countries sent attack requests to the target organization, which was in the banking industry. Indonesia contributed about 15%, and together India and Brazil accounted for another 17%.

Cloudflare reports that the botnet has lost only 2% of its original 30,000 bots but can still generate massive traffic spikes very quickly (seconds).


On Monday, Cloudflare, an Internet infrastructure provider, announced that it had successfully blocked a distributed denial-of-service (DDoS) attack with a peak rate of more than 71 million requests per second (RPS). The business described this as a “hyper-volumetric” DDoS attack and reported that the majority of attacks peaked at between 50 and 70 million requests per second (RPS), with the largest topping 71 million. More than 35 percent larger than the previous 46 million RPS DDoS attack that Google Cloud handled in June 2022, this is the greatest HTTP DDoS attack reported to date. Attacks, according to Cloudflare, originated from a botnet of more than 30,000 IP addresses belonging to “several” cloud providers and specifically targeted websites protected by their platform.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x