Internet related News · 2021-11-15

Cloudflare blocks massive DDoS attack – News

Cloudflare said it had automatically detected and mitigated a DDoS attack that peaked just below 2 Tbps, the largest to date.

Cloudflare said on its official blog that this was a multi-vector attack combining DNS amplification attacks and UDP floods. The entire attack lasted just one minute. It was launched from approximately 15,000 bots running a variant of the original Mirai code on IoT devices and unpatched GitLab instances.

Here’s How Cloudflare Stopped This Attack

Cloudflare’s systems constantly analyze traffic samples “out-of-path”, which allows them to detect DDoS attacks asynchronously without adding latency or impacting performance. Once the attack traffic was detected (in under a second), the systems generated a real-time signature that surgically matched the attack patterns, so the attack could be mitigated without impacting legitimate traffic.

Once generated, the fingerprint was propagated as an ephemeral mitigation rule to the optimal location in the Cloudflare edge for cost-efficient mitigation. In this specific case, as with most L3/4 DDoS attacks, the rule was pushed in-line into the Linux kernel eXpress Data Path (XDP) to drop the attack packets at wire speed.
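A userspace model of the kind of drop rule described above, as an added example that is not Cloudflare's code: the `rule` fingerprint (UDP from source port 53 with a UDP length of at least 512), the function names and the test frames are constructed assumptions, and the verdict values mirror the kernel's `enum xdp_action`. A real XDP program would make the same bounds checks against `data_end` before every read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { XDP_DROP = 1, XDP_PASS = 2 };  /* values match the kernel's enum xdp_action */

/* Hypothetical fingerprint: UDP from src_port whose UDP length is >= min_udp_len. */
struct rule { uint16_t src_port, min_udp_len; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Verdict for one Ethernet frame; anything that cannot be parsed is passed. */
int classify(const uint8_t *pkt, size_t len, const struct rule *r)
{
    if (len < 14 + 20 || be16(pkt + 12) != 0x0800) return XDP_PASS; /* IPv4 only */
    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return XDP_PASS; /* UDP only */
    if (be16(ip + 6) & 0x1fff) return XDP_PASS; /* later fragment: no UDP header */
    if (len < 14 + ihl + 8) return XDP_PASS;    /* truncated before UDP header */
    const uint8_t *udp = ip + ihl;
    if (be16(udp) == r->src_port && be16(udp + 4) >= r->min_udp_len)
        return XDP_DROP;
    return XDP_PASS;
}

/* Constructed test frame: Ethernet + 20-byte IPv4 + UDP header, no payload bytes. */
size_t build_udp(uint8_t *buf, uint16_t sport, uint16_t udp_len, uint16_t frag_off)
{
    memset(buf, 0, 42);
    buf[12] = 0x08; buf[13] = 0x00;             /* EtherType IPv4 */
    buf[14] = 0x45; buf[23] = 17;               /* version 4, IHL 5, protocol UDP */
    buf[20] = (uint8_t)(frag_off >> 8); buf[21] = (uint8_t)frag_off;
    buf[34] = (uint8_t)(sport >> 8);   buf[35] = (uint8_t)sport;
    buf[38] = (uint8_t)(udp_len >> 8); buf[39] = (uint8_t)udp_len;
    return 42;
}

int main(void)
{
    struct rule r = { 53, 512 };  /* constructed: large responses from port 53 */
    uint8_t f[42];
    printf("large DNS response: %d\n", classify(f, build_udp(f, 53, 1400, 0), &r));
    printf("small DNS response: %d\n", classify(f, build_udp(f, 53, 80, 0), &r));
    return 0;
}
```

The model fails open: non-IPv4 frames, truncated headers and later IP fragments are passed rather than dropped, so a parsing gap never discards legitimate traffic.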
