Cloudflare has revealed that it detected and mitigated the largest HTTPS DDoS attack on record which was making 26 million requests per second. The target was one of Cloudflare’s customers on a Free plan. The announcement comes just two months after it said it prevented another large HTTPS DDoS attack against another of its customers.
Similar to the attack in April, this one mostly came from Cloud Service Providers rather than Residential Internet Service Providers. This means virtual machines and servers were hijacked to carry out the attack rather than Internet of Things (IoT) devices. The botnet that carried out this attack was made up of 5,067 devices with each node making 5,200 requests per second at the peak of the attack.
Cloudflare pointed out that this attack was done over HTTPS which means it not only costs more money to launch the attack, but also to mitigate it. The botnet’s attack originated from 121 countries with Indonesia, the United States, Brazil, and Russia seeing the most requests coming from their countries. 3% of the attack was also carried out over Tor connections.
Cloudflare said that all customers on its Free and Pro plans are protected against attacks like these. Its protection is unmetered and unlimited so no matter the size of the attack or the duration, customers won’t be charged more for the services.