September 30, 2014 10:38 PM
Inside Shellshock: How hackers are using it to exploit systems
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
July 03, 2014 3:00 PM
Introducing the BPF Tools
In a recent article I described the basic concepts behind the use of Berkeley Packet Filter (aka BSD Packet filter or BPF) bytecode for high performance packet filtering, and the xt_bpf iptables module....
May 07, 2014 4:00 AM
Killing RC4: The Long Goodbye
At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. ...
April 01, 2014 1:19 AM
The weird and wonderful world of DNS LOC records
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
March 11, 2014 4:00 PM
WordPress Pingback Attacks and our WAF
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall....
March 05, 2014 12:00 AM
It's Go Time on Linux
Some interesting changes related to timekeeping in the upcoming Go 1.3 release inspired us to take a closer look at how Go programs keep time with the help of the Linux kernel. Timekeeping is a complex topic and determining the current time isn’t as simple as it might seem at fir...
February 23, 2014 11:00 AM
Good News: Vulnerable NTP Servers Closing Down
On Monday, February 10th, CloudFlare experienced a large DDoS attack, with nearly 400Gbps of NTP attack traffic hitting our network. ...
February 13, 2014 1:00 AM
Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
January 09, 2014 4:00 PM
Understanding and mitigating NTP-based DDoS attacks
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers....
December 31, 2013 6:30 PM
2013: Rebuild the Engine; 2014: Step on the Gas
It's been a busy 2013 here at CloudFlare. By all external measures it was a terrific year. We grew page views, revenue and traffic across our network – all by more than 400%. We added terrific partners and high profile customers. ...
September 13, 2013 6:00 AM
Why secure systems require random numbers
If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. ...
August 27, 2013 6:15 PM
Details Behind Today's Internet Hacks
At 1:19pm (PDT) today, a researcher noticed that the New York Times' website wasn't loading. We know the New York Times tech team, so we sent an email to check in. A few minutes later, the CTO of the NYT called us back. ...
August 27, 2013 12:10 AM
The story of a little DNS easter egg
About a year ago, we realized that CloudFlare's current DNS infrastructure had some challenges. We were using PowerDNS, an open source DNS server that is popular with hosting providers. ...
July 11, 2013 11:02 PM
Staying on top of TLS attacks
CloudFlare makes extensive use of TLS connections throughout our
service which makes staying on top of the latest news about security problems with TLS a priority. We use TLS both externally and internally and different uses of TLS have different constraints....
June 06, 2013 6:00 AM
Happy IPv6 Day: Usage On the Rise, Attacks Too
June 6th is known as World IPv6 Day so we thought it was a good time to look at the trends in IPv6 usage across CloudFlare's network. ...