DDoS Defender Targeted in Record-Breaking 1.5 Billion Packets Per Second Attack
London, UK – September 10, 2025 – A DDoS scrubbing provider was the target of a massive distributed denial-of-service (DDoS) attack peaking at 1.5 billion packets per second (Bpps), making it one of the largest volumetric attacks ever recorded. The attack, detected in real-time, underscores a growing trend of increasingly powerful DDoS attacks leveraging compromised consumer devices.
The malicious traffic originated from over 11,000 unique networks worldwide, primarily utilizing compromised customer-premises equipment (CPE) – including iot devices and routers – to flood the targeted service with UDP packets. fastnetmon, the company that detected and analyzed the attack, did not disclose the name of the customer but confirmed thay specialize in filtering malicious traffic through techniques like packet inspection, rate limiting, CAPTCHA, and anomaly detection.
Mitigation efforts, including the deployment of access control lists (ACLs) on edge routers, successfully absorbed the attack. This incident follows closely on the heels of Cloudflare’s announcement earlier this week of blocking a 11.5 terabits per second (Tbps) DDoS attack, further illustrating the escalating scale of these threats.
Both attacks aimed to overwhelm the receiving end’s processing capabilities, leading to potential service outages. According to FastNetMon founder Pavel Odintsov, the sheer number of distributed sources and the exploitation of everyday networking devices are particularly concerning.
“What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices. without proactive ISP-level filtering, compromised consumer hardware can be weaponised at a massive scale,” Odintsov stated in a press release. He emphasized the need for industry-wide action, advocating for “detection logic at the ISP level to stop outgoing attacks before they scale.”
