Mobile Ad Networks as DDoS Vectors: A Case Study
September 25, 2015 4:01 PM
CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets....
Up and to the Right: Forrester Research Ranks CloudFlare as a “Leader” for DDoS Services Providers
August 05, 2015 2:13 AM
Forrester Research, Inc. has released The Forrester Wave™: DDoS Services Providers, Q3 2015 report which ranks CloudFlare as a leader. How do you get placed “up and to the right”? ...
An introduction to JavaScript-based DDoS
April 30, 2015 12:02 PM
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack....
Of Phishing Attacks and WordPress 0days
April 24, 2015 12:17 AM
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. ...
Announcing Virtual DNS: DDoS Mitigation and Global Distribution for DNS Traffic
March 10, 2015 12:59 PM
It’s 9am and CloudFlare has already mitigated three billion malicious requests for our customers today. Six out of every one hundred requests we see are malicious, and increasingly, more of those bad requests are targeting DNS nameservers. ...
MORE POSTS
January 06, 2015 11:10 PM
DDoS Packet Forensics: Take me to the hex!
A few days ago, my colleague Marek sent an email about a DDoS attack against one of our DNS servers that we'd been blocking with our BPF rules....
- By
September 30, 2014 10:38 PM
Inside Shellshock: How hackers are using it to exploit systems
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
- By
July 03, 2014 3:00 PM
Introducing the BPF Tools
In a recent article I described the basic concepts behind the use of Berkeley Packet Filter (aka BSD Packet filter or BPF) bytecode for high performance packet filtering, and the xt_bpf iptables module....
- By
May 07, 2014 4:00 AM
Killing RC4: The Long Goodbye
At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. ...
- By
April 01, 2014 1:19 AM
The weird and wonderful world of DNS LOC records
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
- By
March 11, 2014 4:00 PM
WordPress Pingback Attacks and our WAF
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall....
- By
March 05, 2014 12:00 AM
It's Go Time on Linux
Some interesting changes related to timekeeping in the upcoming Go 1.3 release inspired us to take a closer look at how Go programs keep time with the help of the Linux kernel. Timekeeping is a complex topic and determining the current time isn’t as simple as it might seem at fir...
- By
February 23, 2014 11:00 AM
Good News: Vulnerable NTP Servers Closing Down
On Monday, February 10th, CloudFlare experienced a large DDoS attack, with nearly 400Gbps of NTP attack traffic hitting our network. ...
- By
February 13, 2014 1:00 AM
Technical Details Behind a 400Gbps NTP Amplification DDoS Attack
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
- By
January 09, 2014 4:00 PM
Understanding and mitigating NTP-based DDoS attacks
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers....
- By
December 31, 2013 6:30 PM
2013: Rebuild the Engine; 2014: Step on the Gas
It's been a busy 2013 here at CloudFlare. By all external measures it was a terrific year. We grew page views, revenue and traffic across our network – all by more than 400%. We added terrific partners and high profile customers. ...
- By
September 13, 2013 6:00 AM
Why secure systems require random numbers
If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. ...
- By
August 27, 2013 6:15 PM
Details Behind Today's Internet Hacks
At 1:19pm, a researcher noticed that the New York Times' website wasn't loading. We know the New York Times tech team, so we emailed to check in. Minutes later, the CTO of the NYT called us back. ...
- By
August 27, 2013 12:10 AM
The story of a little DNS easter egg
About a year ago, we realized that CloudFlare's current DNS infrastructure had some challenges. We were using PowerDNS, an open source DNS server that is popular with hosting providers. ...
- By