Participate in the Net Neutrality Day of Action

Published on by Alissa Starzak.

We at Cloudflare strongly believe in network neutrality, the principle that networks should not discriminate against content that passes through them. We’ve previously posted on our views on net neutrality and the role of the FCC here and here. In May, the FCC took a first step toward revoking bright-line rules it put in place in 2015 to require ISPs to treat all web content equally. The…

How to make your site HTTPS-only

Published on by Nick Sullivan.

The Internet is getting more secure every day as people enable HTTPS, the secure version of HTTP, on their sites and services. Last year, Mozilla reported that the percentage of requests made by Firefox using encrypted HTTPS passed 50% for the first time. HTTPS has numerous benefits that are not available over unencrypted HTTP, including improved performance with HTTP/2, SEO benefits for search engines like Google and…

Three little tools: mmsum, mmwatch, mmhistogram

Published on by John Graham-Cumming.

In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram. That tool is part of a small suite of command-line tools that can be handy when messing with data. Since a reader asked for them to be open sourced... here they are.

mmhistogram

Suppose you…

A container identity bootstrapping tool

Published on by Nick Sullivan.

Everybody has secrets. Software developers have many. Often these secrets—API tokens, TLS private keys, database passwords, SSH keys, and other sensitive data—are needed to make a service run properly and interact securely with other services. Today we’re sharing a tool that we built at Cloudflare to securely distribute secrets to our Dockerized production applications: PAL. PAL is available on GitHub: https://github.com/cloudflare/pal.…

Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS

Published on by Marek Majkowski.

Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps and the largest SSDP reflection we recorded was 30 Mpps (millions of packets per second), 80 Gbps (billions of bits per second), using 940k reflector IPs. This changed a couple of days ago when we noticed an unusually large SSDP amplification. It's worth deeper investigation since it crossed the…