Cloudflare Mitigates Largest Ever Recorded DDoS Attack at 11.5 Tbps

Cloudflare mitigated the largest DDoS attack ever recorded, an 11.5 Tbps flood that lasted 35 seconds without disrupting online services.

Cloudflare has successfully mitigated the largest DDoS attack (or distributed denial-of-service attack) recorded to date. The attack peaked at 11.5 terabits per second and lasted roughly 35 seconds before being neutralised without disrupting services.

According to Cloudflare, the attack took the form of a massive UDP flood. While early analysis pointed to Google Cloud as a major source of the traffic, further investigation showed that it was generated by a mix of compromised Internet of Things (IoT) devices and multiple cloud providers.

Screenshot via Cloudflare on X (Twitter)

An attack of this scale is designed to overwhelm the internet infrastructure with a flood of requests, effectively knocking services offline if they are not protected. To put the size into perspective, the bandwidth was equivalent to streaming thousands of HD movies at the same time.

This incident is part of a rising trend in record-setting DDoS attempts. In June 2025, Cloudflare mitigated a 7.3 Tbps attack that delivered 37.4 terabytes of data in under a minute.

That DDoS attack followed a 5.6 Tbps attack in 2024. Cloudflare reports that in just the first half of 2025, it has already mitigated more than 27 million attacks, surpassing the total from all of 2024.

While these events highlight the growing scale of DDoS campaigns, experts caution that size alone is not the most important factor. William Manzione, Product Manager at RETN, explained:

“An 11.5 terabit flood sounds dramatic, but its short duration shows why volume is only part of the story. The attacks that matter most are those that combine size with persistence or complexity, multi-vector campaigns that disrupt real users.”

“In 2025, the measure of defence is simple: did websites remain online, did APIs respond, and did businesses continue to operate? At RETN, we have expanded our scrubbing capacity by more than 5000% to deal with today’s multi-terabit floods. What counts is whether customers stay online, not the size of the attack,” William added.

Cloudflare has not identified the target of the attack, but stressed that its systems absorbed the traffic without impact on customers. The company’s mitigation tools handled the event automatically, preventing disruption.

Nevertheless, the 11.5 Tbps record shows how attackers are pushing the limits of internet infrastructure, and why providers are investing heavily in capacity and intelligence to defend against ever-larger DDoS attacks. If you are looking for strong DDoS attack protection, here are 11 of the best firms that specialise in mitigation.