A meticulously crafted denial-of-service (DoS) attack was launched against Datadog's US5 website on April 19, 2024. The attackers targeted several Datadog regions, including a vulnerability in the Classic Application Load Balancer. The incident unfolded as the attackers sent OPTIONS requests with chunked payloads that were not properly handled by the load balancer, causing Envoy proxies to return HTTP 400 error responses. The attack was eventually mitigated through a combination of shifting traffic to an L4 load balancer, implementing custom request headers in Google Cloud Armor, and working with GCP to roll out a permanent fix for the vulnerability. The incident highlighted the need for cross-team collaboration, effective incident management processes, and tooling to detect and respond to complex DoS attacks.