MORE POSTS
September 12, 2017 4:29 PM
Understanding the prevalence of web traffic interception
This post summarizes how prevalent encrypted web traffic interception is and how it negatively affects online security according to a study published at NDSS 2017 authored by several researchers including the author of this post and Nick Sullivan of Cloudflare. ...
August 28, 2017 2:00 PM
The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
July 04, 2017 10:32 AM
Three little tools: mmsum, mmwatch, mmhistogram
In a recent blog post, my colleague Marek talked about some SSDP-based DDoS activity we'd been seeing recently. In that blog post he used a tool called mmhistogram to output an ASCII histogram....
June 28, 2017 3:45 PM
Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS
Last month we shared statistics on some popular reflection attacks. Back then the average SSDP attack size was ~12 Gbps....
June 07, 2017 12:47 PM
How we built rate limiting capable of scaling to millions of domains
Back in April we announced Rate Limiting of requests for every Cloudflare customer. Being able to rate limit at the edge of the network has many advantages: it’s easier for customers to set up and operate, their origin servers are not bothered by excessive traffic or layer 7 atta...
May 24, 2017 6:16 PM
Reflections on reflection (attacks)
Recently Akamai published an article about CLDAP reflection attacks. This got us thinking. We saw attacks from Connectionless LDAP servers back in November 2016 but totally ignored them because our systems were automatically dropping the attack traffic without any impact....
April 27, 2017 1:00 PM
Introducing Cloudflare Orbit: A Private Network for IoT Devices
In October, we wrote about a 1.75M rps DDoS attack we mitigated on our network, launched by 52,467 unique IP’s, mostly hacked CCTV cameras. We continued to see more IoT devices in DDoS attacks....
April 19, 2017 1:03 PM
Introducing SSL for SaaS
If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. ...
April 14, 2017 3:00 PM
Understanding Our Cache and the Web Cache Deception Attack
About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way....
April 13, 2017 8:34 PM
Cloudflare Rate Limiting - Insight, Control, and Mitigation against Layer 7 DDoS Attacks
Today, Cloudflare is extending its Rate Limiting service by allowing any of our customers to sign up. Our Enterprise customers have enjoyed the benefits of Cloudflare’s Rate Limiting offering for the past several months. ...
January 09, 2017 2:08 PM
The Porcupine Attack: investigating millions of junk requests
We extensively monitor our network and use multiple systems that give us visibility including external monitoring and internal alerts when things go wrong....
December 30, 2016 2:34 PM
2017 and the Internet: our predictions
Looking back over 2016, we saw the good and bad that comes with widespread use and abuse of the Internet.
...
December 05, 2016 1:54 PM
TLD glue sticks around too long
Recent headline grabbing DDoS attacks provoked heated debates in the DNS community. Everyone has strong opinions on how to harden DNS to avoid downtime in the future. Is it better to use a single DNS provider or multiple? ...
December 02, 2016 1:21 PM
The Daily DDoS: Ten Days of Massive Attacks
Back in March my colleague Marek wrote about a Winter of Whopping Weekend DDoS Attacks where we were seeing 400Gbps attacks occurring mostly at the weekends. We speculated that attackers were busy with something else during the week....