Cloudflare Mitigates 7.3 Tbps DDoS Attack on Hosting Provider

Largest DDoS Attack on Record Neutralized

In May 2025, Cloudflare successfully blocked a massive distributed denial-of-service (DDoS) attack that peaked at 7.3 Tbps. The attack targeted a large hosting provider and broke the previous DDoS traffic record by 12%. In just 45 seconds, attackers pushed 37.4 terabytes of data—enough to stream over 7,500 hours of HD video.

Cloudflare deployed its Magic Transit platform to stop the attack without human assistance. This service offers real-time DDoS mitigation at the network level and helped prevent service disruptions for the provider under attack.

Global Sources and Multiple Attack Methods

The DDoS traffic originated from 122,145 IP addresses across 161 countries, with the largest volume coming from Brazil, Vietnam, Taiwan, China, Indonesia, and Ukraine. The attackers targeted the system using an average of 21,925 destination ports per second, peaking at 34,517.

Cloudflare identified that 99.996% of the attack consisted of UDP floods. Additional methods included QOTD reflection, NTP amplification, Echo reflection, Mirai-based floods, Portmap abuse, and RIPv1 amplification. These vectors focused on legacy or misconfigured services.

Cloudflare’s Network Defense and Community Protection

Cloudflare used its global anycast network to distribute attack traffic across 477 data centers in 293 locations. Technologies like real-time packet fingerprinting and intra-center gossiping were key to automating defense without delay.

Cloudflare also updated its DDoS Botnet Threat Feed with indicators from the attack. This free tool helps over 600 organizations block suspicious IP addresses before attacks occur. Businesses concerned about large-scale DDoS threats are encouraged to subscribe and enhance their defense capabilities.