Cloudflare says it detected and mitigated a 26 million request per second flood of encrypted HTML requests sent to an unidentified customer. The attack originated from a botnet of just 5,607 devices each generating 5,200 requests per second at its peak. The company suspects the devices used in the attack were compromised virtual machines and servers – not the internet of things appliances typically pressed into service by bot herders. The bandwidth available to cloud-hosted infrastructure is far greater than residential networks in which IoT devices often operate.”]
Source: https://www.govinfosecurity.com/cloudflare-mitigates-record-https-ddos-attack-a-19374