Marek Majkowski - Page 1 - Cloudflare Blog

Broken packets: IP fragmentation is flawed

Published on August 18th, 2017 5:40PM by Marek Majkowski.

As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be? CC BY 2.0 image by ajmexico, inspired by This is an old question and the IPv4 RFCs answer it pretty clearly. The idea was to split the

Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS

Published on June 28th, 2017 3:45PM by Marek Majkowski.

Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and largest SSDP reflection we recorded was: 30 Mpps (millions of packets per second) 80 Gbps (billions of bits per second) using 940k reflector IPs This changed a couple of

Reflections on reflection (attacks)

Published on May 24th, 2017 6:16PM by Marek Majkowski.

Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact. CC BY 2.0 image by RageZ We decided to

The Porcupine Attack: investigating millions of junk requests

Published on January 9th, 2017 2:08PM by Marek Majkowski.

We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong. One of the most useful systems is Grafana that allows us to quickly create arbitrary dashboards. And a heavy user of Grafana we are: at last count

TLD glue sticks around too long

Published on December 5th, 2016 1:54PM by Marek Majkowski.

Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? What DNS TTL values are best? Does DNSSEC make you more or

Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras

Published on October 11th, 2016 12:59PM by Marek Majkowski.

Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications. They appear to come from an IoT botnet (like Mirai and relations) which were responsible for the large attacks against Brian Krebs. Our

This is strictly a violation of the TCP specification

Published on August 12th, 2016 1:03PM by Marek Majkowski.

I was asked to debug another weird issue on our network. Apparently every now and then a connection going through CloudFlare would time out with 522 HTTP error. CC BY 2.0 image by Chris Combe 522 error on CloudFlare indicates a connection issue between our edge server and the

Why we use the Linux kernel's TCP stack

Published on July 7th, 2016 11:50AM by Marek Majkowski.

A recent blog post posed the question Why do we use the Linux kernel's TCP stack?. It triggered a very interesting discussion on Hacker News. I've also thought about this question while working at CloudFlare. My experience mostly comes from working with thousands of production machines here and I can

Posts by Marek Majkowski