Cloudflare has successfully defended against the largest distributed denial-of-service (DDoS) attack ever recorded, a 35-second flood that peaked at 11.5 terabits per second.

Despite the unprecedented scale, Cloudflare’s automated mitigation tools absorbed the traffic without disrupting customer services. The attack took the form of a massive UDP flood, traced back to a mix of compromised Internet of Things (IoT) devices and multiple cloud providers.

This incident highlights the escalating size of DDoS campaigns. Earlier in 2025, Cloudflare mitigated a 7.3 Tbps attack, following a 5.6 Tbps event in 2024. In just the first half of 2025, the company reports handling over 27 million attacks—already surpassing the total from all of 2024. The growing frequency and intensity of these campaigns underscore how attackers are continuously testing the limits of internet infrastructure.

Experts caution, however, that sheer size does not define the most dangerous DDoS attacks. William Manzione, Product Manager at RETN, noted that short-lived floods like this one demonstrate why persistence and multi-vector strategies are often more disruptive than raw bandwidth. “The real measure of defense,” he explained, “is whether businesses remain online and users stay connected.” With attacks scaling into double-digit terabits, providers like Cloudflare and RETN are investing heavily in expanded capacity to ensure resilience against the next wave of threats.