Protection from Struts Remote Code Execution Vulnerability (S2-057)
September 05, 2018
On August 22 a new vulnerability in the Apache Struts framework was announced. We quickly deployed a mitigation to protect customers....
Additional Record Types Available with Cloudflare DNS
August 06, 2018
Cloudflare recently updated the authoritative DNS service to support nine new record types. Since these records are less commonly used than what we previously supported, we thought it would be a good idea to do a brief explanation of each record type and how it is used....
Securing U.S. Democracy: Athenian Project Update
July 19, 2018
Last December, Cloudflare announced the Athenian Project to help protect U.S. state and local election websites from cyber attack. Since then, the need to protect our electoral systems has become increasingly urgent. ...
How to drop 10 million packets per second
July 06, 2018
Internally our DDoS mitigation team is sometimes called "the packet droppers". When other teams build exciting products to do smart things with the traffic that passed through our network, we take joy in discovering novel ways of discarding it....
Argo Tunnels: Spread the Load
June 20, 2018
We recently announced Argo Tunnel which allows you to deploy your applications anywhere, even if your webserver is sitting behind a NAT or firewall. Now, with support for load balancing, you can...
MORE POSTS
May 21, 2018
Rate Limiting: Delivering more rules, and greater control
With more platforms adopting DDoS safeguards like integrating mitigation services and enhancing bandwidth at vulnerable points, Layer 3 and 4 attacks are becoming far less effective than before....
- By
April 17, 2018
mmproxy - Creative Linux routing to preserve client IP addresses in L7 proxies
In previous blog post we discussed how we use the TPROXY iptables module to power Cloudflare Spectrum. With TPROXY we solved a major technical issue on the server side, and we thought we might find another use for it on the client side of our product....
- By
March 06, 2018
The real cause of large DDoS - IP Spoofing
A week ago we published a story about new amplification attacks using memcached protocol on UDP port 11211. A few things happened since then: Github announced it was a target of 1.3Tbps memcached attack. OVH and Arbor reported similar large attacks with the peak reported at 1.7Tb...
- By
February 27, 2018
Memcrashed - Major amplification attacks from UDP port 11211
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet. ...
- By
February 06, 2018
It’s Hard To Change The Keys To The Internet And It Involves Destroying HSM’s
The root of the DNS tree has been using DNSSEC to protect the zone content since 2010. DNSSEC is simply a mechanism to provide cryptographic signatures alongside DNS records that can be validated, i.e. prove the answer is correct and has not been tampered with. ...
- By
January 18, 2018
However improbable: The story of a processor bug
Processor problems have been in the news lately, due to the Meltdown and Spectre vulnerabilities. But generally, engineers writing software assume that computer hardware operates in a reliable, well-understood fashion, and that any problems lie on the software side of the softwar...
- By
December 15, 2017
The Athenian Project: Helping Protect Elections
From cyberattacks on election infrastructure, to attempted hacking of voting machines, to attacks on campaign websites, the last few years have brought us unprecedented attempts to use online vulnerabilities to affect elections both in the United States and abroad....
- By
December 12, 2017
Why Some Phishing Emails Are Mysteriously Disappearing
Phishing is the absolute worst. Unfortunately, sometimes phishing campaigns use Cloudflare for the very convenient, free DNS. ...
- By
December 07, 2017
On the Leading Edge - Cloudflare named a leader in The Forrester Wave: DDoS Mitigation Solutions
Cloudflare has been recognized as a leader in the “Forrester WaveTM: DDoS Mitigation Solutions, Q4 2017.”...
- By
December 07, 2017
CAA of the Wild: Supporting a New Standard
One thing we take pride in at Cloudflare is embracing new protocols and standards that help make the Internet faster and safer. Sometimes this means that we’ll launch support for experimental features or standards still under active development, as we did with TLS 1.3....
- By
November 23, 2017
The New DDoS Landscape
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right? ...
- By
September 26, 2017
Introducing the Cloudflare Geo Key Manager
Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors....
- By
September 25, 2017
No Scrubs: The Architecture That Made Unmetered Mitigation Possible
When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, ...
- By
September 25, 2017
Meet Gatebot - a bot that allows us to sleep
In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers. ...
- By