Google blocked record-breaking 2.5Tbps DDoS attack in 2017
The previously unknown attack, which was triggered by state-backed hackers, is the largest DDoS attack on record


Google has revealed that its infrastructure absorbed a 2.5Tbps distributed denial of service (DDoS) attack in 2017, the largest such attack in terms of its sheer volume ever recorded.
The previously undisclosed DDoS attack was the culmination of a six-month campaign launched by Chinese-backed hackers that used multiple methods of attack, although ultimately had no material impact.
Google’s Security Reliability Engineering team measured the record-breaking attack sourced from several Chinese ISPs, with the attacker using several networks to spoof 167 millions of packets per second to 180,000 exposed servers. These included vulnerable CLDAP, DNS and SMTP servers.
“This demonstrates the volumes a well-resourced attacker can achieve,” said Google Cloud’s security reliability engineer Damian Menscher.
“This was four times larger than the record-breaking 623 Gbps attack from the Mirai botnet a year earlier. It remains the highest-bandwidth attack reported to date, leading to reduced confidence in the extrapolation.”
The revelation comes as part of wider Google Cloud analysis that DDoS attacks are exponentially growing across all metrics, including bits per second (bbps), network packets per second (pps), and HTTP(S) requests per second (rps).
As a signal to reinforce the view that DDoS attacks are indeed increasing in the scale of the threat they pose, both Amazon and Akamai both claimed to have prevented record-breaking attacks this summer.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
The former fended off a reported attack which hit 2.3Tbps in its peak in mid-June, 44% larger than anything Amazon had registered before. The latter also claimed to have prevented the largest-ever DDoS attack in terms of pps just a couple of weeks later. This second attack reached a peak of 809 million pps.
This exponential growth coincides with the exponential growth of the internet itself, Menscher added, which provides bandwidth and compute not only to attackers, but to defenders itself. After accounting for the expected growth, the exponential rise is less concerning, although still represents a major problem.
Google Cloud claims to work with others in the internet community to identify and dismantle infrastructure used to conduct attacks, with DDoS mitigation a collaborative effort.
The record-breaking 2.5Tbps attack in 2017, for example, led to Google reporting thousands of vulnerable servers to network providers. Further collaborative efforts were invested in tracing the source of the spoofed packets so they could be filtered.

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.
-
‘Risk into revenue’: Trend Micro’s new European channel program targets partner growth
News The vendor’s updated channel framework now includes a unified tier and discount structure across all partner types
-
How can businesses handle data sprawl?
Poor data observability opens the door to security vulnerabilities
-
UK crime fighters wrangle “several thousand” potential cyber criminals in DDoS-for-hire honeypot
News The sting follows a recent crackdown on DDoS-for-hire services globally
-
US begins seizure of 48 DDoS-for-hire services following global investigation
News Six people have been arrested who allegedly oversaw computer attacks launched using booters
-
Will triple extortion ransomware truly take off?
In-depth Operators are now launching attacks with three extortion layers, but there are limitations to this model
-
GoDaddy web hosting review
Reviews GoDaddy web hosting is backed by competitive prices and a beginner-friendly dashboard, and while popular, beware of hidden prices
-
Japan investigates potential Russian Killnet cyber attacks
News The hacker group has said it’s revolting against the country’s militarism and that it’s “kicking the samurai”
-
LockBit hacking group to be 'more aggressive' after falling victim to large-scale DDoS attack
News The ransomware group is currently embroiled in a battle after it leaked data belonging to cyber security company Entrust
-
Record for the largest ever HTTPS DDoS attack smashed once again
News The DDoS attack lasted 69 minutes and surpassed the previous record of 26 million RPS
-
Cloudflare mitigates biggest ever HTTPS DDoS attack
News A botnet generated over 212 million HTTPS requests from over 1,500 networks in 121 countries