Latest news with #UDP
TECHx
24-06-2025
- TECHx
Cloudflare Blocks Record 7.3 Tbps DDoS Attack
Home » Emerging technologies » Cyber Security » Cloudflare Blocks Record 7.3 Tbps DDoS Attack Cloudflare has revealed that it blocked the largest Distributed Denial-of-Service (DDoS) attack ever recorded in mid-May 2025. The attack peaked at 7.3 terabits per second (Tbps), surpassing previously recorded threats. This news follows the company's Q1 2025 DDoS threat report, released on April 27, which highlighted major attacks reaching 6.5 Tbps and 4.8 billion packets per second (pps). The target was a hosting provider using Cloudflare's Magic Transit service to protect its IP network. Attacks on hosting and infrastructure providers are reportedly increasing, according to Cloudflare's threat report. The 7.3 Tbps attack transferred 37.4 terabytes of data in just 45 seconds. This is equivalent to: Streaming 7,480 hours of HD video nonstop Downloading 9.35 million songs in under a minute Cloudflare's systems detected and blocked the attack automatically, ensuring zero service disruption. The attack used a newly emerging method exploiting HTTP/2, a common web protocol. At its peak, it delivered over 200 million requests per second, aiming to overwhelm robust infrastructure. Cloudflare reported that the attack: Targeted an average of 21,925 ports on a single IP address Peaked at 34,517 destination ports per second Originated from over 122,145 source IPs across 5,433 autonomous systems in 161 countries About 50% of the traffic came from Brazil and Vietnam. Other sources included Taiwan, China, Indonesia, Ukraine, Ecuador, Thailand, the U.S., and Saudi Arabia. The multivector attack was mostly composed of UDP floods, with smaller volumes of QOTD reflection, Echo, NTP, Mirai, Portmap, and RIPv1 amplification attacks. To help providers respond to such threats, Cloudflare offers a free DDoS Botnet Threat Feed. Over 600 global organizations have subscribed to this API-based feed to identify abusive IPs within their networks. Cloudflare confirmed that its DDoS protection systems neutralized the threat without human intervention, alerts, or incidents. The company emphasized its commitment to building a safer Internet and providing free, unmetered DDoS protection. Cloudflare's global network spans over 300 cities in more than 100 countries. Its automated systems are designed to respond quickly and effectively to evolving cyber threats.
Yahoo
23-06-2025
- Yahoo
Massive DDoS attack delivered 37.4TB in 45 seconds, equivalent to 10,000 HD movies, to one victim IP address — Cloudflare blocks largest cyber assault ever recorded
When you buy through links on our articles, Future and its syndication partners may earn a commission. Internet security provider Cloudflare said that it has recently blocked the largest DDoS attack in recorded history, with one of its clients being targeted by a massive cyber assault that saw its IP address flooded with 7.3 Tbps of junk traffic. The total amount of data sent to the target was 37.4 terabytes, which might not seem incredible at first glance, says The Cloudflare Blog. However, the speed at which the amount of data is served is astounding, as it was all sent over in less than a minute. In context, 37.4TB translates roughly to 9,350 high-definition movies, over 9 million songs, or 12.5 million photos — transferred in just 45 seconds. The attackers used multiple attack vectors, primarily exploiting User Datagram Protocol (UDP for its quick delivery method versus the usual TCP that most internet traffic uses. UDP is preferred in applications that require real-time response, such as video streaming, online gaming, and virtual meetings. That's because it does not wait for the two devices talking over the internet to have a proper handshake. Instead, it sends the data and hopes the other party receives it. Because of this, UDP flood attacks are one of the most common tools in DDoS campaigns. Because of this, the perpetrators could simply send traffic to all the ports on their target. Since the target must respond to each query, it would soon overwhelm its resources, especially with the massive amount of information transferred in this incident. The threat actors also used reflection attacks to supplement their main push. This is also called a reflection/amplification attack, as it spoofs the target's IP address and then requests information from a third-party, which can be a Network Time Protocol service or through the Quote of the Day (QOTD) or Echo protocols. The third party would then respond with the appropriate data and send it to the victim's address. If the attacker sends enough requests, it could overwhelm the target IP unless it uses proper protection. Unfortunately, this isn't the first time a record-breaking DDoS attack has happened recently. Microsoft was hit with a record-breaking 3.47 Tbps DDoS attack in January 2022, but this was surpassed in October 2024 with a 5.6 Tbps attack on an internet provider in East Asia. April 2025 again saw another massive attack, with a 6.5 Tbps assault lasting almost 49 seconds, which Cloudflare reported. Although there are already protections to prevent DDoS attacks from knocking out servers and websites, many threat actors still use botnets with access to tens, if not hundreds, of thousands of compromised devices. After all, this is a relatively cheap and easy way of testing a target's defenses, with some even using it to extort online businesses so that such attacks would not target them. Follow Tom's Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.
Arabian Post
04-06-2025
- Business
- Arabian Post
Meta and Yandex Exploited Android Loophole to Track Users Across Browsers and Apps
Meta and Yandex have been found to exploit a loophole in Android's architecture, enabling them to de-anonymize users' web browsing activities by linking them to persistent app identities. This tracking method bypasses standard privacy protections, including incognito mode and cookie clearing, raising significant concerns about user privacy. Researchers from Radboud University, IMDEA Networks, and KU Leuven discovered that Meta's Pixel and Yandex's Metrica tracking scripts, embedded in millions of websites, communicate with their respective Android apps via the device's localhost interface. This communication allows the apps to receive browsing data directly from the browser, effectively linking web activity to user identities within the apps. The tracking mechanism operates by having the browser-based scripts send data to specific ports on the localhost interface, where the apps are listening. For instance, Meta's apps listen on UDP ports 12580–12585, while Yandex's apps use ports 29009, 29010, 30102, and 30103. This setup enables the apps to collect browsing data, including cookies and metadata, even when users employ privacy measures like incognito mode or VPNs. ADVERTISEMENT Meta began implementing this method in September 2024, while Yandex has utilized a similar approach since 2017. The widespread use of Meta Pixel and Yandex Metrica—estimated to be present on 5.8 million and 3 million websites respectively—suggests that a vast number of Android users could be affected. The discovery has prompted responses from major browser developers. Google has initiated an investigation and is working on mitigations to prevent such tracking techniques. Mozilla is also developing solutions to protect Firefox users on Android from this invasive tracking. Meta has paused the functionality in question and is in discussions with Google to address the issue. Privacy advocates and experts have expressed alarm over the findings. The method's ability to circumvent standard privacy controls and its potential to be used by malicious actors for surveillance underscore the need for stricter enforcement of privacy standards and greater transparency from tech companies regarding data collection practices.
Yahoo
14-05-2025
- General
- Yahoo
Marine F-35B stealth fighter squadron arrives in Japan
A Marine fighter attack squadron recently deployed to Japan, joining three other squadrons in an effort to support operations in the Indo-Pacific, according to a release from the 1st Marine Aircraft Wing. Marine Fighter Attack Squadron, or VMFA-211 — an F-35B Lightning II squadron hailing from Yuma, Arizona — arrived at Marine Corps Air Station Iwakuni, Japan, on Saturday. The newest additions, also known as the 'Wake Island Avengers,' will fold into Marine Aircraft Group 12, 1st Marine Aircraft Wing, to assist with deployments in the region. 'The squadron joins VMFA-121 and VMFA-242, MAG-12's two permanently stationed F-35B squadrons, alongside VMFA-214, another U.S.-based UDP [Unit Deployment Program] squadron, to enhance our ability to support III Marine Expeditionary Force and joint force operations across the Indo-Pacific,' a 1st Marine Aircraft Wing spokesperson said in a statement. Air Force F-35A 'Frankenjet' returns to the skies While the unit declined to list the exact number of aircraft and service members deployed to Japan along with VMFA-211, a spokesperson told Military Times a typical F-35B squadron includes 10 aircraft and enough personnel to operate and maintain the fighters. The exact dates of deployment were also not revealed, but the 1st Aircraft Wing acknowledged deployments usually last six months. VMFA-211 squadron will participate in exercises in support of the 1st Marine Aircraft Wing, the spokesperson confirmed. Recently, VMFA-214 participated in Freedom Flag 25-1, a joint exercise between the U.S. and Korea held in April at Gwangju Air Base, Korea. 'These exercises, in turn, will ensure the Marine Corps is operationally ready and postured to support U.S.-Japan Treaty of Mutual Cooperation and Security,' the spokesperson said. Marine Aircraft Group 12 — along with the now four Marine fighter attack squadrons — includes Marine Aerial Refueler Transport Squadron 152, Marine Wing Support Squadron 171 and Marine Aviation Logistics Squadron 12.
Leader Live
06-05-2025
- Politics
- Leader Live
Welsh Government deal will preserve Wrexham planning powers
After winning its Supreme Court battle with the Welsh Government over the adoption of the Local Development Plan (LDP), the authority was supposed to fall back on the old Unitary Development Plan(UDP). This meant planning officers and councillors would still have the legal right to refuse applications and enforce statutory obligations like the provision of play areas, shops and schools in larger residential developments. But next week the Senedd will debate the Legislation (Procedure, Publication and Repeals) (Wales) Bill. Among the proposals in the bill is the scrapping of all existing, out-of-date UDPs. In Wrexham, where there is no valid LDP, that would mean no adopted legal framework for the county borough. That could create a planning free-for-all, forcing the council to justify every individual planning refusal based on 'material planning considerations'. After talks with the Welsh Government however, Wrexham Council leader Cllr Mark Pritchard says an agreement has been reached to avoid this potentially chaotic situation. "There's been a commitment from the Welsh Government that that won't happen," he said. "There'll be an amendment to the upcoming legislation which will allow the UDP in Wrexham to stand. "I'd like to thank the Welsh Government for taking a common sense approach. It tells me that they're genuinely working with us, not against us. I do believe there is a way forward here for the betterment of Wrexham." Last month the Welsh Government finally dropped its legal challenge to Wrexham Council's refusal to adopt the new LDP having been through the High Court, Court of Appeal and Supreme Court. Read more: "Landmark decision" as councillors win court appeal over Wrexham's LDP 'Wrexham remains the only Local Authority not to have an LDP' Welsh Government urged to work with council after LDP left 'dead in the water' Councillors who opposed the LDP, led by Plaid Cymru Cllr Marc Jones, were victorious but the result forced Wrexham to fall back temporarily on it's older, outdated UDP. A replacement plan has still not been agreed. "We're hoping to work in true partnership with Welsh Government to resolve the issue," he said. "I felt I was pushed into a corner by what went on here, I was very uncomfortable with it but we have to move on. "I'm just disappointed that we had to go through all that because it was very painful. "I put a lot on the line here - if we had lost, I'd have had to step down. It became about more than the LDP, it became about democracy, freedom of speech and what we can say in that chamber. "I pushed it only as much as I felt we needed to. Look at the standards on the wall of the council chamber. The Dunkirk standards are there. As we mark 80 years since VE Day, people from Wrexham and across this country - across the world - lost their lives for me and anybody in every chamber to have freedom of speech and freedom to exercise democratic process. "You can't be threatened that you will go to jail or that there will be legal prosecutions or a cost put against your house for exercising your right as an elected member to vote. You have three options - to support, to vote against or to abstain. "But I'm a realist, we now have to find a solution and we will find a solution. I do believe the Welsh Government are prepared to work with us and work alongside us and that's good news for me. Those dark days are behind us."
