Sustained DDoS Campaign Against a Major Customer Mitigated with Global Shield Protection

May 14, 2026

The Challenge

Target

A major Israeli enterprise customer with 320 protected IP addresses and a 500 Mb bandwidth line.

Duration

27 separate attacks over 7 days, from March 16 to 23, 2026 Total attack duration of 2.4 days; longest single attack lasting 1.9 days.

Attack Volume

3 Tbit of total mitigated traffic across 487.6 million packets, targeting multiple IP address ranges simultaneously.

Attack Peak

4.5 Gb/s observed peak bandwidth — 9x the customer’s 500 Mb line capacity.

The Campaign

Beginning March 16, 2026, a major enterprise customer came under a sustained and coordinated DDoS campaign. Over the course of seven days, attackers launched 27 separate attacks against 320 protected IP addresses, generating a total of 3 Tbit of malicious traffic across 487.6 million packets. The primary target throughout the campaign was a /28 subnet that received the overwhelming majority of attack volume. Secondary targets included numerous individual IP addresses across a second IP range, each subjected to repeated attack waves lasting 10 to 32 minutes.

The Peak Attack — March 21, 2026

The most significant single event in the campaign occurred on March 21, 2026, beginning at approximately 10:30 am (Asia/Jerusalem). FlowSec’s system immediately began receiving alerts regarding a high-volume attack on the customer’s primary subnet.

The attack unfolded in two vectors:

Vector 1 — GRE flood: A GRE protocol flood peaked at 4.04 Gb/s and 647.68 Kp/s, with an average throughput of 1.07 Gb/s over 19 minutes. This vector alone was more than eight times the customer’s line capacity.

Vector 2 — Residual traffic monitoring: Following the initial burst, FlowSec’s system continued monitoring and suppressing low-level residual attack traffic for an additional 51 minutes, ensuring no secondary escalation went undetected.

Total attack time for this event: 1 hour and 10 minutes. FlowSec’s system detected the attack, generated mitigation signatures, and pushed them to the relevant routers. Email alerts were dispatched in real time throughout the detection and mitigation process.

At the conclusion of the attack, once traffic returned to normal levels, all signatures were automatically removed in accordance with system settings.

FlowSec Global Shield

FlowSec’s Global Shield solution provided continuous, autonomous protection throughout the seven-day campaign. The system identified each of the 27 attack waves, generated targeted mitigation signatures, and propagated them instantly to the customer’s routers. No manual intervention was required at any stage. The customer’s services remained fully operational throughout the campaign, with no disruption to end users.

Flowsec Achievements

Across 27 attacks over seven days, FlowSec’s Global Shield successfully mitigated 3 Tbit of malicious traffic and 487.6 million packets, absorbing peak bursts that reached nine times the customer’s bandwidth capacity. The customer continued operating normally throughout, with zero service disruption.

Back to Case Studies

You Might Also Be Interested in

December 2, 2025

Large DDoS Attacks on a Hosting customer with Global shield protection

November 17, 2025

Large DDoS Attacks on an SMB customer

October 23, 2025

Large DDoS Attacks on an SMB customer

December 29, 2024

Mitigation of Large DDoS Attacks on Israeli Service Provider

December 4, 2024

Mitigation of Large DDoS Attacks on Israeli Telecommunication Provider

November 11, 2024

DDoS Attacks on Israeli Large Industrial Company

Contact Us

Flowsec Ltd.

contact@flow-sec.com

Flowsec provides cutting-edge SaaS DDoS protection solutions for ISPs, CSPs, enterprises, MSSPs, and the national security sector. With multi-tenant and global shield technology, Flowsec enables communication service providers to offer advanced DDoS protection services to their customers.