Cloudflare has disclosed that it successfully mitigated the largest DDoS attack recorded to date — a hyper-volumetric UDP flood peaking at 11.5 terabits per second (Tbps).
The attack lasted only 35 seconds, but its scale tells something about the growing headaches network operators face in defending against cloud-enabled botnets capable of overwhelming infrastructure in seconds.
What happened
- The attack traffic originated largely from compromised resources within Google Cloud Platform (GCP), though currently, Google disputes this claim.
- Attack volume ramped from background noise to over 11 Tbps in under 10 seconds.
- The attack was mitigated with rate-limiting and IP filtering immediately, which prevented service disruption.
This event surpassed the 7.3 Tbps DDoS attack reported in June 2025, which itself was record-setting at the time. The new peak represents a 12% increase in bandwidth volume over previous attacks.
Details of the attack: a UDP flood a massive scale
The 11.5 Tbps assault was a UDP flood, aimed at a single IP address and distributed across more than 21,000 ports per second at peak. Cloudflare reports that traffic volume spiked from near zero to record levels in less than 10 seconds, overwhelming normal traffic patterns before defences kicked in.
UDP remains a preferred vector for hyper-volumetric attacks because of its stateless design. Each packet forces the target to allocate processing resources without a handshake, making it easy to exhaust bandwidth and CPU. When attackers hijack cloud instances with effectively unlimited outbound capacity, the impact is amplified — enabling short but devastating bursts of traffic that can saturate backbone links.
Broader trend: hyper-volumetric DDoS campaigns
This attack was part of a wider wave of assaults observed in recent weeks, including multiple events exceeding 1 Tbps and one that delivered 5.1 billion packets per second (Bpps).
The trend is clear: adversaries are leveraging public cloud infrastructure to orchestrate short-lived, massive-scale attacks that overwhelm traditional on-premises defences.
Implications for network operators
For defenders, the key challenges are:
- Speed of escalation – Attacks can peak within seconds, leaving no time for manual intervention.
- Cloud-scale adversaries – Attackers now wield the same elastic resources defenders rely on.
- Protocol choice – UDP floods remain highly effective for bandwidth saturation.
Takeaway
While record-breaking attacks like this one grab headlines, attack volume is only part of the story. Smaller but more persistent floods, application-layer disruptions, and multi-vector campaigns can be just as damaging or more, if they slip past detection. Defending against DDoS requires a holistic view — monitoring the full spectrum of attack types, sizes, and durations — not just preparing for the “biggest attack ever”.
For network operators, this particular incident is a reminder to:
- Continuously review DDoS response strategies.
- Ensure visibility into traffic at high granularity (packet rates, protocol mix, source distribution).
- Rely on automation for mitigation at line rate.
FastNetMon with Cloudflare Integration
FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats.
FastNetMon Advanced also integrates natively with Cloudflare Magic Transit, enabling seamless redirection of attack traffic to Cloudflare’s global scrubbing centres. When FastNetMon detects an attack, it can automatically trigger mitigation through Magic Transit, ensuring traffic is cleaned before reaching the target network.
For more information, visit https://fastnetmon.com