
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic

smokel

> A total of 34,500 ports were targeted, indicating the thoroughness and well-engineered nature of the attack.

How is that more complicated than a for-loop?

monster_truck

You can't just spray every port blindly if you are maximally trying to disrupt, there is nuance to it.

lolinder

Right. So why does the fact that they targeted 34,500 ports show it was a well-engineered attack? By itself it's just evidence that they know how to iterate over ports. Coupled with the data size (7.3Tbps) we know they had an enormous botnet. None of this points to a well-engineered attack, it just means that lousy IoT has made botnets incredibly cheap.

A well-engineered attack would not draw headlines for its scale because it would take down its target without breaking any records.

motorest

> A well-engineered attack would not draw headlines for its scale because it would take down its target without breaking any records.

You don't hear much about DDoS that are either comparable in size or bring down targets. How do you explain why this one made the news in spite of not having met your arbitrary and personal bar?

ukuina

Because it's a distributed for loop?

lolinder

Not necessarily. It could be one for loop running on tens of thousands of compromised IoT devices, with the only thing distributed being the command that starts the loops.

saulpw

Sounds like you've never managed tens of thousands of nodes in a distributed system. It's not trivial.

blitq

It’s not :)

ksec

If I don't want my user to have Cloudflare captcha, or for example captcha doesn't work on my Safari 18.5 running on OpenCore Patcher MacBook 2015, what other options have I got?

VladVladikoff

Most websites don’t need DDoS protection. Many websites use Cloudflare to block basic bot vulnerability scanning. You could block this type of traffic with other methods: ja3/ja4, IP to ASN & ASN filtering, etc.

esseph

Your first line is wrong.

While it may not impact your site, it does impact your hosting provider. As their costs go up, your costs go up. Anything on the Internet at this point needs DDoS / scraping protection. It may not drop your service, but your ISP or upstreams may blackhole your route.

The "old web" (current web) was largely based on an open exchange of information.

The "new web", post AI bot scraping, is taking its place. Websites are getting paywalls. Advertising revenue is plummeting. Hosting providers are getting decimated by the massive shift in bandwidth demand and impact to systems scraped by the bots.

nemathod

GRE-Tunnel

VladVladikoff

I’m confused what this would accomplish? Do GRE tunnels drop UDP packets or something?

firebird84

You make a contract with a company that does layer 3 ddos protection, you advertise a route including their AS on a subset of your prefixes and they route to you over a GRE tunnel.

zzzeek

don't piss off any nation-states that would want to take your site down, should help

petee

Fwiw, I have a site with nearly zero content or users; randomly it got ddos'd one day, and never happened again. I think the reasons for a ddos can be wide ranging, from just testing, to nation state, to someone is unhappy with your font choice

inetknght

> to someone is unhappy with your font choice

Everyone hates when I set my app's fonts to courier size 8.

esseph

An 11 year old with a Discord account and a stolen credit card can now rent massive capabilities that can take (smaller, limited peered) entire countries offline for brief periods these days.

esafak

Who's doing this and why?

encom

So this "article" "source" is Cloudflare, claiming Cloudflare blocked some super duper mega attack, but gives zero verifiable detail about any of it.

Now I hate Cloudflare with a passion, but even setting that aside, this is journalistic malpractice - it's basically a sponsored post. I was going to say I expected better from Ars Technica, but their glory days are long gone.

balanc

Doesn’t Cloudflare have every incentive to inflate the bandwidth of the attack they have successfully mitigated?

And yes I know that there are Cloudflare employees here so spare me with your pinky swears.

move-on-by

A couple months ago Brian Krebs, who uses Google’s Project Shield, wrote of a very similar attack. 6.3 terabits, all UDP, less than a minute.

https://krebsonsecurity.com/2025/05/krebsonsecurity-hit-with...

x2tyfi

Couldn’t this logic apply to basically every internal metric across every company?

udev4096

Clownflare is more incentivized to make it look like they are the only ones who can defend against such an attack so they could gather more users for backdooring the majority of internet traffic. I wonder if it would be possible to create a peer-to-peer and decentralized DDoS mitigation service for anyone. All you gotta do is donate some of your bandwidth

eviks

How does it counter the incentives of all other companies to make it look like they're not the only one???

perching_aix

Speaking of incentives, what might be the incentives of those referring to them as Clownflare? I sure have to wonder what their biases are, and how fairly they represent the company.