Cloudflare Mitigates Record-Breaking 14.1 Bpps Aisuru DDoS Attack
A new Aisuru-powered distributed denial-of-service (DDoS) attack peaking at 14.1 billion packets per second has set a fresh record for volumetric assaults, forcing defenders to combine hardware offload, anycast routing, and adaptive filtering to preserve availability for targeted services. The event highlights how botnet operators are optimizing packet-per-second throughput, abusing QUIC and UDP reflection paths, and targeting AI and API-heavy infrastructures that rely on low-latency connections.
Attack Overview and Traffic Characteristics
The Aisuru campaign relied on an expansive botnet composed primarily of compromised IoT devices, residential routers, and low-cost virtual private servers, each contributing relatively modest bandwidth but extremely high packet rates. The aggregate stream peaked at approximately 14.1 billion packets per second, with sustained levels that exceeded many providers’ traditional scrubbing capacities. Unlike bandwidth-oriented floods that primarily saturate links in gigabits per second, this campaign was engineered explicitly for packet-per-second exhaustion, aiming at stateful firewalls, load balancers, and application gateways. Targets included web applications, AI inference APIs, and SaaS endpoints where latency-sensitive traffic is critical to the user experience. The attack window was characterized by rapid ramp-up phases, multi-vector shifts, and short-lived but intense bursts designed to evade static rate limits and preconfigured signatures.
Botnet Architecture and Command-and-Control
Aisuru’s botnet infrastructure appears to use a hybrid command-and-control model, combining hard-coded controller lists with opportunistic peer-to-peer propagation channels. Bots maintain lightweight persistent connections over TCP and QUIC to multiple controllers, enabling rapid dissemination of updated attack parameters and target lists. The controller layer itself is distributed across multiple cloud providers and bulletproof hosting environments, frequently rotating domains and IP addresses through fast-flux DNS techniques. Compromised devices typically exhibit minimal CPU and memory footprints for the attack routines, favoring simple packet generation loops that avoid complex protocol state machines. This design enables older hardware, including legacy DVRs and low-end embedded systems, to sustain very high packet emission rates with minimal local processing overhead.
Abuse of Network Protocols and Amplification Paths
The 14.1 Bpps threshold was achieved through a combination of direct floods and reflection-amplification techniques focused on connectionless protocols. Attack traffic prominently featured UDP-based floods, including generic UDP garbage payloads, malformed DNS queries, and traffic crafted to mimic QUIC initial handshakes. While traditional amplification vectors such as NTP and memcached have become more heavily filtered on the internet, the operators appear to have pivoted toward misconfigured UDP services and custom amplification daemons exposed on high-numbered ports. Certain sub-flows resembled attack patterns that spoofed popular content delivery and gaming service IP ranges, complicating differentiation from legitimate traffic. Packet sizes were intentionally kept small to maximize packet rate and overwhelm per-packet processing paths on edge routers, firewalls, and DDoS appliances.
Impact on AI and API-Centric Workloads
A notable aspect of this Aisuru wave was its focus on infrastructure supporting AI workloads and API-centric services rather than solely traditional web front ends. High-throughput APIs servicing machine learning inference, chat interfaces, and real-time analytics backends typically rely on low-latency HTTP/2 and HTTP/3 connections, which are particularly sensitive to packet loss and queue delays. By targeting these endpoints with packet-rate floods, attackers aimed to degrade model response times and cause cascading timeouts in upstream application layers. Some attack phases appear to have probed for rate-limiting thresholds on specific AI-related routes, first sending moderate traffic to characterize throttling behavior before escalating to full-scale floods. This selective pressure on AI endpoints suggests that botnet operators are increasingly aware of the business impact of disrupting AI-driven services and may be tuning campaigns to extract higher extortion leverage.
Defensive Posture and Mitigation Techniques
To handle a 14.1 Bpps onslaught, defenders had to rely heavily on anycast-based distribution of attack traffic across a globally dispersed edge network. By announcing the same IP prefixes from dozens or hundreds of edge locations, the attack load was split geographically, reducing the packet-per-second burden seen by any single router or scrubbing cluster. High-performance stateless packet filtering in programmable switches and network processing units was essential to offload basic filtering functions from general-purpose CPUs. Filtering rules focused on protocol anomalies, invalid headers, and known abusive UDP patterns, while maintaining enough permissiveness to avoid disrupting legitimate users. In some regions, operators temporarily rerouted affected prefixes through specialized scrubbing centers with enhanced packet processing capacity, then re-injected clean traffic toward origin servers via private backbone links.
Adaptive Filtering and Behavioral Signatures
Static signatures were insufficient to deal with rapid vector changes and traffic morphing employed by the Aisuru controllers. Effective mitigation involved adaptive algorithms that continuously profiled traffic baselines, learning normal distributions of packet sizes, TCP flag combinations, protocol mix, and geographic origin. Deviation-based rules then automatically applied more aggressive filtering to anomalous flows, such as sudden spikes of small UDP packets from unexpected autonomous systems or countries. Machine learning models were likely used to classify flows based on multi-dimensional features, including connection establishment rates, error code ratios, and per-source packet burst profiles. These dynamic filters could be tuned in near real-time to trade off between collateral damage and mitigation strength, enabling more precise blocking as the attack evolved.
Operational Challenges and Collateral Effects
Defending against an attack at 14.1 Bpps introduced a range of operational complexities that extended beyond pure traffic scrubbing. Network telemetry pipelines themselves can become stressed when exporting flow records, counters, and logs at such high event rates, forcing teams to sample more aggressively and risk reduced visibility. Some upstream carriers and peers may implement their own protective filtering or blackholing, leading to inconsistent reachability from different parts of the internet. In edge environments where capacity was close to saturation, even legitimate latency-sensitive traffic might have experienced brief jitter, packet loss, or connection resets. Operators had to carefully communicate with customers about partial degradation, while maintaining constraints on routing changes to avoid flapping and route instability in global BGP tables.
Strategic Implications for DDoS Resilience
The Aisuru record sets a new benchmark for packet-rate attacks and underscores that capacity planning focused only on bits per second is no longer sufficient. Organizations need to evaluate their per-packet processing capabilities in routers, firewalls, and application gateways, ensuring that high interrupt rates and context switches do not become bottlenecks under attack. Multi-layered defenses that combine upstream anycast distribution, stateless filtering, stateful inspection at protected edges, and application-level protections are essential to withstand modern campaigns. The trend toward targeting AI and API-driven workloads suggests that business impact analysis and continuity planning must explicitly include service-level objectives for these newer platforms. Long term, collaboration between cloud providers, transit networks, and enterprise defenders will be required to raise the baseline of internet hygiene, particularly around accessible amplification vectors and exposure of misconfigured UDP services.