Breaking news: FastNetMon reports record-scale DDoS attack of 1.5B pps

Breaking DDoS news from FastNetMon

At FastNetMon, we recently worked with a customer — a DDoS scrubbing provider — who faced one of the largest DDoS attacks ever publicly recorded.

  • The target: the provider’s website
  • The scale: 1.5 billion packets per second in a sustained UDP flood
  • The source: compromised CPE, including IoT devices and MikroTik routers, spread across 11,000 unique networks worldwide

This disclosure comes shortly after Cloudflare announced mitigation of an 11.5 Tbps DDoS attack. Taken together, these incidents show that adversaries are escalating both packet volumes and bandwidth floods beyond what many networks are prepared to handle.

What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices. Without proactive ISP-level filtering, compromised consumer hardware can be weaponised at a massive scale.

FastNetMon detected the flood in real time, giving the customer immediate visibility into its size and distribution. Mitigation was then carried out using the provider’s own scrubbing facility, supported by ACLs deployed on edge routers for known amplification vectors.

Both the open-source FastNetMon Community Edition and the FastNetMon Advanced platform are powerful tools for detecting outgoing attacks in real time. While the Community Edition provides robust detection capabilities for a range of networks, FastNetMon Advanced is designed for extreme scalability and high-performance environments.

Some examples of how FastNetMon Advanced handles very large networks:

  • Netflow/IPFIX and sFlow modes: deployments exceeding 2 Tbps of traffic have been proven. In these modes, FastNetMon Advanced scales almost indefinitely, using a proprietary high-performance C++ packet parser.
  • Port mirror / SPAN mode: FastNetMon Advanced can leverage all available CPU resources. Typically, 2–4 CPU cores are needed per 10–40G port, but with kernel-side sampling, requirements can drop to 1–2 CPU cores for a 40G interface with a high-quality network card.

This technical efficiency allows operators to detect large-scale, high-speed attacks in real time, giving them the visibility required to act quickly and protect critical services from billion-packet floods.

This case demonstrates why scalable detection is more important than ever. As attacks grow larger and more distributed, only modern, high-performance approaches to network visibility can meet the challenge.


About FastNetMon

FastNetMon is a leading solution for network security, offering advanced DDoS detection and mitigation. With real-time analytics and rapid response capabilities, FastNetMon helps organisations protect their infrastructure from evolving cyber threats. For more information, visit https://fastnetmon.com
