December 21, 2017 2:01 PM
At the end of 2016, I wrote a blog post with seven predictions for 2017. Let’s start by reviewing how I did. I’ll score myself with two points for being correct, one point for mostly right and zero for wrong. That’ll give me a maximum possible score of fourteen. Here goes......
December 14, 2017 7:41 PM
This post provides a retrospective analysis of Mirai — the infamous Internet-of-Things botnet that took down major websites via massive distributed denial-of-service using hundreds of thousands of compromised Internet-Of-Things devices....
November 23, 2017 3:28 AM
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right? ...
November 13, 2017 4:09 PM
We are now 3 months on from one of the biggest, most significant data breaches in history, but has it redefined people's awareness on security?...
October 20, 2017 4:23 PM
Over the past few days we learnt about a new attack that posed a serious weakness in the encryption protocol used to secure all modern Wi-Fi networks....
September 25, 2017 1:00 PM
In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers. ...
September 25, 2017 1:00 PM
This is the week of Cloudflare's seventh birthday. It's become a tradition for us to announce a series of products each day of this week and bring major new benefits to our customers. We're beginning with one I'm especially proud of: Unmetered Mitigation....
September 12, 2017 4:29 PM
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
August 28, 2017 2:00 PM
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
July 04, 2017 10:32 AM
In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram....
June 28, 2017 3:45 PM
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps....
June 07, 2017 12:47 PM
Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 atta...
May 24, 2017 6:16 PM
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact....
April 27, 2017 1:00 PM
In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks....
April 19, 2017 1:03 PM
If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. ...
April 14, 2017 3:00 PM
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way....
April 13, 2017 8:34 PM
Today, Cloudflare is extending its Rate Limiting service by allowing any of our customers to sign up. Our Enterprise customers have enjoyed the benefits of Cloudflare’s Rate Limiting offering for the past several months. ...
January 09, 2017 2:08 PM
We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong....
December 30, 2016 2:34 PM
Looking back over 2016, we saw the good and bad that comes with widespread use and abuse of the Internet. ...
