The code overwhelms a target with legitimate HTTP requests.
CloudFlare said a particularly large attack delivered approximately 275,000 HTTP requests per second.
The attack CloudFlare examined in depth was code that was placed in a loop, which created a flood of legitimate-looking requests. Unprepared organizations have no way of dealing with such requests.
The attacks are a "new trend," said Marek Majkowski, an engineer at CloudFlare. "They present a great danger in the internet – defending against this type of flood is not easy for small website operators."
The CloudFlare team found that 99.8% of the traffic in the attack they investigated originated from China.