A massive distributed denial-of-service (DDoS) attack has been detected and mitigated by FastNetMon, targeting a DDoS protection vendor in Western Europe. According to the company, the attack surged to an astonishing 1.5 billion packets per second (pps), ranking among the largest packet-rate floods ever recorded.
FastNetMon revealed that the malicious traffic primarily consisted of UDP floods generated from hijacked customer-premises equipment (CPE), including IoT devices and MikroTik routers. The attack leveraged resources from over 11,000 networks worldwide. While the victim company wasn’t disclosed, FastNetMon confirmed it was a DDoS scrubbing provider, a service that filters malicious traffic during such cyberattacks.
“This event is part of a dangerous trend,” said Pavel Odintsov, founder of FastNetMon. “When tens of thousands of CPE devices can be hijacked and used in coordinated packet floods of this magnitude, the risks for network operators grow exponentially. The industry must act to implement detection logic at the ISP level to stop outgoing attacks before they scale.”
The incident was identified and mitigated in real time, with FastNetMon’s automated systems flagging the abnormal traffic within seconds. Defense measures included scrubbing technologies at the customer’s facility and deploying access control lists (ACLs) on routers vulnerable to amplification abuse.
FastNetMon highlighted that its platform, powered by optimized C++ algorithms, is specifically built to handle traffic events at such a scale. Thanks to these defenses, the targeted provider reportedly suffered no visible downtime or service disruption.
The news comes shortly after Cloudflare reported a record-breaking volumetric attack reaching 11.5 Tbps and 5.1 billion pps, underscoring the growing severity of both packet-rate floods and bandwidth-driven DDoS attacks.
“Taken together, the two incidents underline a rise in both packet-rate and bandwidth-driven floods, a trend that is pressuring the capacity of mitigation platforms worldwide,” FastNetMon said.
“What makes this case remarkable is the sheer number of distributed sources and the abuse of everyday networking devices. Without proactive ISP-level filtering, compromised consumer hardware can be weaponized at a massive scale,” the company added.
