Mitigating a 754 Million PPS DDoS Attack Automatically

On June 21, 2020, Cloudflare mitigated a highly volumetric DDoS attack that peaked at 754 million packets per second. The attack was part of an organized four-day campaign and targeted a single Cloudflare IP address mostly used for websites on the Free plan. No downtime or service degradation was reported during the attack, and no charges accrued to customers due to Cloudflare's unmetered mitigation guarantee. The attack was detected and handled automatically by Gatebot, their global DDoS detection and mitigation system without any manual intervention. During the four days, the attack utilized a combination of three attack vectors over the TCP protocol: SYN floods, ACK floods, and SYN-ACK floods. Despite the high packet rates, Cloudflare's edge continued serving its customers during the attack without impacting performance at all. The DDoS protection systems Gatebot and dosd were instrumental in detecting and mitigating the attack automatically.