Broken packets: IP fragmentation is flawed
August 18, 2017 5:40 PM
As opposed to the public telephone network, the internet has a Packet Switched design. But just how big can these packets be?...
How to use Cloudflare for Service Discovery
July 21, 2017 8:01 AM
Cloudflare runs 3,588 containers, making up 1,264 apps and services that all need to be able to find and discover each other in order to communicate -- a problem solved with service discovery....
Three little tools: mmsum, mmwatch, mmhistogram
July 04, 2017 10:32 AM
In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram....
Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS
June 28, 2017 3:45 PM
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps....
How we built rate limiting capable of scaling to millions of domains
June 07, 2017 12:47 PM
Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 attacks....
MORE POSTS
May 24, 2017 6:16 PM
Reflections on reflection (attacks)
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact....
- By
May 18, 2017 1:00 PM
Introducing Argo — A faster, more reliable, more secure Internet for everyone
The Internet is inherently unreliable, a collection of networks connected to each other with fiber optics, copper, microwaves and trust....
- By
May 14, 2017 3:00 PM
Introducing Load Balancing & Intelligent Failover with Cloudflare
Cloudflare's Enterprise customers have been using our Load Balancing service since March, and it has been helping them avoid website downtime caused by unreliable hosting providers, Internet outages, or servers. ...
- By
May 05, 2017 2:55 PM
Meet The Brand New DNS Analytics Dashboard
Have you noticed something new in your Cloudflare analytics dashboard this morning? You can now see detailed DNS analytics for your domains on Cloudflare....
- By
May 03, 2017 2:10 PM
How eero mesh WiFi routers connect to the cloud
Relying on a single wireless router to provide internet in every room of the home is like expecting a single light bulb to illuminate the entire house. It’s physics - WiFi radio waves don’t travel through walls or objects easily. ...
- By
May 01, 2017 3:58 PM
Introducing TLS with Client Authentication
In a traditional TLS handshake, the client authenticates the server, and the server doesn’t know too much about the client. However, starting now, Cloudflare is offering enterprise customers TLS with client authentication. ...
- By
April 27, 2017 1:00 PM
Introducing Cloudflare Orbit: A Private Network for IoT Devices
In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks....
- By
April 14, 2017 3:00 PM
Understanding Our Cache and the Web Cache Deception Attack
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way....
- By
April 13, 2017 8:34 PM
Cloudflare Rate Limiting - Insight, Control, and Mitigation against Layer 7 DDoS Attacks
Today, Cloudflare is extending its Rate Limiting service by allowing any of our customers to sign up. Our Enterprise customers have enjoyed the benefits of Cloudflare’s Rate Limiting offering for the past several months. ...
- By
April 12, 2017 3:06 PM
Changing Internet Standards to Build A Secure Internet
We’ve been working with registrars and registries in the IETF on making DNSSEC easier for domain owners, and over the next two weeks we’ll be starting out by enabling DNSSEC automatically for .dk domains....
- By
April 11, 2017 9:28 AM
How we made our DNS stack 3x faster
Cloudflare is now well into its 6th year and providing authoritative DNS has been a core part of infrastructure from the start. We’ve since grown to be the largest and one of the fastest managed DNS services on the Internet, hosting DNS for nearly 100,000 of the Alexa top 1M site...
- By
February 14, 2017 6:04 PM
Want to see your DNS analytics? We have a Grafana plugin for that
Curious where your DNS traffic is coming from, how much DNS traffic is on your domain, and what records people are querying for that don’t exist? We now have a Grafana plugin for you. ...
- By
February 06, 2017 9:43 PM
DDoS Ransom: An Offer You Can Refuse
Cloudflare has covered DDoS ransom groups in the past. First, we reported on the copycat group claiming to be the Armada Collective and then not too long afterwards, we covered the "new" Lizard Squad....
- By
January 09, 2017 2:08 PM
The Porcupine Attack: investigating millions of junk requests
We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong....
- By