“We saw approximately 120 Gbps hit the edge of our network,” Matthew Prince, co-founder and CEO of CloudFlare told eSecurity Planet. “At that point, the attackers changed their strategy and started targeting our upstream providers.”
Though the DDoS against Spamhaus and CloudFlare was the largest publicly reported DDoS in history, the broader impact on the entire Internet depends on where in the world you are.
“The congestion on the network was almost entirely limited to Europe and, for a brief period of time, Asia,” Prince said. “Whether the Internet slowed down depended on whether your packet was going through a Tier 1 provider or Internet Exchange that was affected.”
Prince explained that when the Internet “slows down,” it really means that packets are being lost and need to be re-sent. “Packet loss is often caused by a port on the network having more traffic sent to it than it can handle,” he said.
While CloudFlare and Spamhaus were under the DDoS attack, the attacker didn’t actually succeed in taking the site offline.
“Spamhaus just proved to the world that a 300 Gbps DDoS attack can be mitigated, they clearly put a lot of forethought into their system architecture and planned for this kind of eventuality,” Andrew Storms, director of security operations for security vendor nCircle, told eSecurity Planet