Cloudflare DDoS Threat Report For 2024 Q1 - Slashdot (2024)

Follow Slashdot stories on Twitter


Cloudflare DDoS Threat Report For 2024 Q110

Postedby msmash from the where-things-at dept.

Cloudflare, in a blog post: Key insights from the first quarter of 2024 include:
1. 2024 started with a bang. Cloudflare's defense systems automatically mitigated 4.5 million DDoS attacks during the first quarter -- representing a 50% year-over-year (YoY) increase.
2. DNS-based DDoS attacks increased by 80% YoY and remain the most prominent attack vector.
3. DDoS attacks on Sweden surged by 466% after its acceptance to the NATO alliance, mirroring the pattern observed during Finland's NATO accession in 2023.

We've just wrapped up the first quarter of 2024, and, already, our automated defenses have mitigated 4.5 million DDoS attacks -- an amount equivalent to 32% of all the DDoS attacks we mitigated in 2023. Breaking it down to attack types, HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ). Network-layer DDoS attacks, also known as L3/4 DDoS attacks, increased by 28% YoY and 5% QoQ. When comparing the combined number of HTTP DDoS attacks and L3/4 DDoS attacks, we can see that, overall, in the first quarter of 2024, the count increased by 50% YoY and 18% QoQ. In total, our systems mitigated 10.5 trillion HTTP DDoS attack requests in Q1. Our systems also mitigated over 59 petabytes of DDoS attack traffic -- just on the network-layer.

  • Wee Cloudflare (Score:3)

    by binarylarry ( 1338699 ) on Wednesday April 17, 2024 @10:05AM (#64401104)

    Cloudflare is something you sell to dumb CIO's monthly can pretend they took some initiative.

    Cloudflare makes up numbers and installs their bloatware on your servers.

    It's basically McAffe anti-virus for your infrastructure. :(

    Reply to This

    Flag as Inappropriate

    • Re: (Score:3)

      by ihadafivedigituid ( 8391795 )

      Amen. I sent an email to those clowns in December 2019 after they contacted my client following a brief outage. They tried to insinuate that the outage was due to my failure to respond to their sales pitch a year before. Fortunately, I had a great relationship with my client and he immediately forwarded the email to me with a laugh. My message to Cloudflare started thusly:

      Dear Douchebag Salesman -

      I'm pretty sure Cloudflare can do exactly nothing when an EC2 instance running a database goes down unexpectedly due to presumed hardware issues, so what exactly do you want to discuss besides your own sales commissions?

      I think we're still at 99.99989% uptime over the last year, give or take a few minutes, so I don't think my job ("co-founder/cto") is in any danger on this front despite your best efforts to bypass and embarrass me by emailing the client of my company when your watchdog script (or whatever you guys are using) alerted you.

      Total sleazebags.

  • How do I tell cloudflare I'm not an attacker? (Score:1)

    by dargaud ( 518470 )

    I use Firefox on Linux with various ad and javascript blockers. Any site that uses cloudflare lets me load only ONE page before blocking me. I need to change my user agent to anything else to load ONE more page. And repeat. It's f*cking annoying. The message is always the same:
    "Your browser is out of date!
    Update your browser to view this website correctly. More Information.
    Ray ID: 875d19feac104dc4
    Performance & security by Cloudflare"

      • Re: How do I tell cloudflare I'm not an attacker? (Score:2)

        by PPH ( 736903 )

        Time to enable Javascript.

        Which is all that Cloudflare seems to be doing. Checking to see that I have Javascript turned on (and ad blockers off) so that their clients can serve me garbage and track my movements.

        Javascript has f--- all to do with level 3/4 attacks.

    • Re: (Score:2)

      by spaceman375 ( 780812 )

      This doesn't make sense to me. I use firefox under a few flavors of linux, including right now. All of them have adblock+, privacy badger, and ublock origin. I have no problem with cloudflare at all. I used to when I lived in Brazil, but that was years ago and a different problem. Do you actually update firefox? I suspect its just javascript. Have you tried noscript?

      • Re: (Score:2)

        by dargaud ( 518470 )

        Yup I have basically the same settings as you and my OS and Firefox are up to date. I have to check all my addons to see which one causes trouble... Waste of time.

  • also thwarted my browser testing (Score:2)

    by FudRucker ( 866063 )

    i like to try out minimalist browsers. on both android and iphone and the cloudflare authentication here on slashdot and will not let me sign in, so i have to find the right browser that cloudflare approves of


Related Links Top of the: day, week, month.

  • 390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
  • 358 commentsWhat Should Happen to Empty Downtown Office Spaces?
  • 340 commentsHacktivism Erupts In Response To Hamas-Israel War
  • 324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
  • 248 commentsWorkers are Resisting Calls to Return to Offices


One of the chief duties of the mathematician in acting as an to discourage... from expecting too much from mathematics.-- N. Wiener





Cloudflare DDoS Threat Report For 2024 Q1 - Slashdot (2024)


Cloudflare DDoS Threat Report For 2024 Q1 - Slashdot? ›

We've just wrapped up the first quarter of 2024, and, already, our automated defenses have mitigated 4.5 million DDoS attacks -- an amount equivalent to 32% of all the DDoS attacks we mitigated in 2023. Breaking it down to attack types, HTTP DDoS attacks increased by 93% YoY and 51% quarter-over-quarter (QoQ).

How much DDoS can Cloudflare handle? ›

The Cloudflare Difference

Cloudflare's 248 Tbps network blocks 182 billion daily threats on average. Our global network spans over 310 cities & 120 countries to stop attacks on the frontlines.

What is the famous DDoS attack in Cloudflare? ›

One of the largest verifiable DDoS attacks on record targeted GitHub, a popular online code management service used by millions of developers. This attack reached 1.3 Tbps, sending packets at a rate of 126.9 million per second. The GitHub attack was a memcached DDoS attack, so there were no botnets involved.

How quickly can a DoS attack be resolved? ›

This is usually accomplished by flooding the targeted host or network with traffic until the target can't respond or crashes. DoS attacks can last from a few hours to many months, costing companies and consumers time and money while their resources and services are unavailable.

Is Cloudflare DDoS proof? ›

Cloudflare named a "Leader"

According to Forrester, "Cloudflare protects against DDoS from the edge, and fast," and that "customer references view Cloudflare's edge network as a compelling way to protect and deliver applications." Free DDoS for websites & so much more!

Does Cloudflare DNS stop DDoS? ›

To detect and mitigate DDoS attacks, Cloudflare's autonomous edge and centralized DDoS systems analyze traffic samples out of path, which allows Cloudflare to asynchronously detect DDoS attacks without causing latency or impacting performance.

Has Cloudflare ever been hacked? ›

A nation-state threat actor accessed internal Cloudflare systems using credentials stolen during the Okta hack. Web security company Cloudflare on Thursday revealed that a threat actor used stolen credentials to gain access to some of its internal systems.

How good is Cloudflare DDoS protection? ›

Absolutely, Cloudflare's DDoS protection can effectively safeguard a WordPress site. Cloudflare is a pretty solid choice when it comes to preventing DDoS attacks.

What level of DDoS is Cloudflare? ›

In addition to blocking DDoS attacks at layers 4 and 7, Cloudflare mitigates layer 3 DDoS attacks. Cloudflare Magic Transit is designed specifically to stop attacks on internal network infrastructure, including DDoS attacks at any layer.

Are DDoS attacks permanent? ›

Denial-of-service Attacks on Computers

The effect may be temporary, or indefinite depending on what they want to get back for their effort.

Can a DoS attack be traced? ›

DDoS attacks are difficult to trace because most of them are distributed over hundreds and thousands of other devices. Also, those who initiate such attacks usually make an effort not to be found. It's possible to identify DDoS attacks when they happen by using certain cybersecurity tools to analyze the traffic.

Has Google ever been ddosed? ›

Now Google and other top cloud companies are reporting new records for the largest DDoS attacks ever. The Google Cloud was hit by the largest DDoS attack in history this past August, with the digital onslaught peaking at an unprecedented 398 million requests per second (RPS).

What is the ping of death? ›

A Ping of death (PoD) attack is a denial-of-service (DoS) attack, in which the attacker aims to disrupt a targeted machine by sending a packet larger than the maximum allowable size, causing the target machine to freeze or crash. The original ping of death attack is less common today.

How did Google stop the DDoS attack? ›

Google utilized its global load-balancing and DDoS mitigation infrastructure to keep its services running during the DDoS attack, the company noted. It has worked with Amazon, Cloudflare and other industry partners to understand the attack and mitigate it.

What country do most DDoS attacks come from? ›

The most distributed denial of service (DDoS) originated country in the world is China followed by US, UK, France, Korea, Singapore, Japan, Vietnam and Germany.

Does Cloudflare have a limit? ›

Cloudflare does not enforce response limits, but cache limits for Cloudflare's CDN are observed. Maximum file size is 512 MB for Free, Pro, and Business customers and 5 GB for Enterprise customers.

How much traffic does Cloudflare handle? ›

Cloudflare's network currently spans more than 310 cities in over 120 countries/regions, serving an average of over 50 million HTTP(S) requests per second for millions of Internet properties, in addition to handling over 70 million DNS requests per second on average.

How many requests can Cloudflare handle? ›

The global rate limit for the Cloudflare API is 1200 requests per five minutes per user, and applies cumulatively regardless of whether the request is made via the dashboard, API key, or API token.

Top Articles
Latest Posts
Article information

Author: Francesca Jacobs Ret

Last Updated:

Views: 5716

Rating: 4.8 / 5 (68 voted)

Reviews: 91% of readers found this page helpful

Author information

Name: Francesca Jacobs Ret

Birthday: 1996-12-09

Address: Apt. 141 1406 Mitch Summit, New Teganshire, UT 82655-0699

Phone: +2296092334654

Job: Technology Architect

Hobby: Snowboarding, Scouting, Foreign language learning, Dowsing, Baton twirling, Sculpting, Cabaret

Introduction: My name is Francesca Jacobs Ret, I am a innocent, super, beautiful, charming, lucky, gentle, clever person who loves writing and wants to share my knowledge and understanding with you.