1. Cloudflare blocked a record 7.3 Tbps DDoS attack in mid-May 2025, delivering 37.4 TB of malicious traffic in 45 seconds.
2. Targeting a hosting provider using Cloudflare's Magic Transit, the attack surpassed the previous record by 12%.
3. It used sophisticated multi-vector techniques, mainly UDP floods (99.996%), with additional amplification attacks.
4. Zero-touch architecture with anycast routing and gossip protocol quickly contained the attack, showcasing unparalleled scalability.
Cloudflareβs defense systems leverage advanced packet sampling technology using eXpress Data Path (XDP) and extended Berkeley Packet Filter (eBPF) programs within the Linux kernel to analyze traffic patterns in real-time, according to the report.
The companyβs proprietary heuristic engine, dubbed βdosdβ (denial of service daemon), automatically generated multiple fingerprint permutations to identify attack patterns while minimizing impact on legitimate traffic.
The attack was detected and mitigated across 477 data centers in 293 global locations using anycast routing, which distributed the attack traffic across Cloudflareβs network infrastructure.
Each data center maintained localized threat intelligence caches updated through a gossip protocol, ensuring sub-second propagation of emerging attack signatures across the entire network.
This integrated autonomous framework achieved zero-touch mitigation for the 7.3 Tbps attack, fully containing the incident within its 45-second duration without triggering incident response protocols.
The entire mitigation process occurred autonomously without human intervention, alerts, or service incidents, showcasing the effectiveness of modern cloud-based DDoS protection systems in defending against increasingly sophisticated cyber threats.