Dyn issues affecting joint customers

Published on by Filippo Valsorda.

Today there is an ongoing, large scale Denial-of-Service attack directed against Dyn DNS. While Cloudflare services are operating normally, if you are using both Cloudflare and Dyn services, your website may be affected. Specifically, if you are using CNAME records which point to a zone hosted on Dyn, our DNS queries directed to Dyn might fail making your website unavailable, and presenting a “1001” error message. Some popular…

TLS nonce-nse

Published on by Filippo Valsorda.

One of the base principles of cryptography is that you can't just encrypt multiple messages with the same key. At the very least, what will happen is that two messages that have identical plaintext will also have identical ciphertext, which is a dangerous leak. (This is similar to why you can't encrypt blocks with ECB.) If you think about it, a pure encryption function is just like any…

Say Cheese: a snapshot of the massive DDoS attacks coming from IoT cameras

Published on by Marek Majkowski.

Over the last few weeks we've seen DDoS attacks hitting our systems that show that attackers have switched to new, large methods of bringing down web applications. They appear to come from an IoT botnet (like Mirai and relations) which were responsible for the large attacks against Brian Krebs. Our automatic DDoS mitigation systems have been handling these attacks, but we thought it would be interesting to publish…

Announcing New Features To Help Hosting Providers Run Their Own Reliable DNS Infrastructure

Published on by Dani Grant.

Over the last six years, we’ve built the tooling, infrastructure and expertise to run a DNS network that handles our scale - we’ve answered a few million DNS queries in the few seconds since you started reading this. DNS is the backbone of the internet. Every email, website visit, and API call ultimately begins with a DNS lookup. Internet is built on DNS, so every hosting…