Mobile Ad Networks as DDoS Vectors: A Case Study
September 25, 2015 4:01 PM
CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets....
September 25, 2015 4:01 PM
CloudFlare servers are constantly being targeted by DDoS'es. We see everything from attempted DNS reflection attacks to L7 HTTP floods involving large botnets....
August 05, 2015 2:13 AM
Forrester Research, Inc. has released The Forrester Wave™: DDoS Services Providers, Q3 2015 report which ranks CloudFlare as a leader. How do you get placed “up and to the right”? ...
April 30, 2015 12:02 PM
CloudFlare protects millions of websites from online threats. One of the oldest and most pervasive attacks launched against websites is the Distributed Denial of Service (DDoS) attack....
April 24, 2015 12:17 AM
Proxying around 5% of the Internet’s requests gives us an interesting vantage point from which to observe malicious behavior. However, it also makes us a target. ...
March 10, 2015 12:59 PM
It’s 9am and CloudFlare has already mitigated three billion malicious requests for our customers today. Six out of every one hundred requests we see are malicious, and increasingly, more of those bad requests are targeting DNS nameservers. ...
January 06, 2015 11:10 PM
A few days ago, my colleague Marek sent an email about a DDoS attack against one of our DNS servers that we'd been blocking with our BPF rules....
September 30, 2014 10:38 PM
On Wednesday of last week, details of the Shellshock bash bug emerged. This bug started a scramble to patch computers, servers, routers, firewalls, and other computing appliances using vulnerable versions of bash....
July 03, 2014 3:00 PM
In a recent article I described the basic concepts behind the use of Berkeley Packet Filter (aka BSD Packet filter or BPF) bytecode for high performance packet filtering, and the xt_bpf iptables module....
May 07, 2014 4:00 AM
At CloudFlare we spend a lot of time thinking about the best way to keep our customers’ data safe. Despite recent troubles, HTTPS is still the best way to deliver encrypted content for the web. ...
April 01, 2014 1:19 AM
A cornerstone of CloudFlare's infrastructure is our ability to serve DNS requests quickly and handle DNS attacks. To do both those things we wrote our own authoritative DNS server called RRDNS in Go. ...
March 11, 2014 4:00 PM
At CloudFlare a lot of our customers use WordPress, that's why we have our own plugin, we hang out at WordCamp and we wrote a WordPress specific ruleset for our Web Application Firewall....
March 05, 2014 12:00 AM
Some interesting changes related to timekeeping in the upcoming Go 1.3 release inspired us to take a closer look at how Go programs keep time with the help of the Linux kernel. Timekeeping is a complex topic and determining the current time isn’t as simple as it might seem at fir...
February 23, 2014 11:00 AM
On Monday, February 10th, CloudFlare experienced a large DDoS attack, with nearly 400Gbps of NTP attack traffic hitting our network. ...
February 13, 2014 1:00 AM
On Monday we mitigated a large DDoS that targeted one of our customers. The attack peaked just shy of 400Gbps. We've seen a handful of other attacks at this scale, but this is the largest attack we've seen that uses NTP amplification....
January 09, 2014 4:00 PM
Over the last couple of weeks you may have been hearing about a new tool in the DDoS arsenal: NTP-based attacks. These have become popular recently and caused trouble for some gaming web sites and service providers....
December 31, 2013 6:30 PM
It's been a busy 2013 here at CloudFlare. By all external measures it was a terrific year. We grew page views, revenue and traffic across our network – all by more than 400%. We added terrific partners and high profile customers. ...
September 13, 2013 6:00 AM
If you've been following recent news about technical spying by the US National Security Agency and the UK's Government Communications Headquarters you may have come across a claim that the NSA was involved in weakening a random number generator. ...
August 27, 2013 6:15 PM
At 1:19pm, a researcher noticed that the New York Times' website wasn't loading. We know the New York Times tech team, so we emailed to check in. Minutes later, the CTO of the NYT called us back. ...
August 27, 2013 12:10 AM
About a year ago, we realized that CloudFlare's current DNS infrastructure had some challenges. We were using PowerDNS, an open source DNS server that is popular with hosting providers. ...