L4Drop: XDP DDoS Mitigations
November 28, 2018 7:59 PM
Efficient packet dropping is a key part of Cloudflare’s distributed denial of service (DDoS) attack mitigations. In this post, we introduce a new tool in our packet dropping arsenal: L4Drop....
The rise of multivector DDoS attacks
November 12, 2018 11:27 AM
It's been a while since we last wrote about Layer 3/4 DDoS attacks on this blog. This is a good news - we've been quietly handling the daily onslaught of DDoS attacks. Since our last write-up, a handful of interesting L3/4 attacks have happened. Let's review them....
How to drop 10 million packets per second
July 06, 2018 1:00 PM
Internally our DDoS mitigation team is sometimes called "the packet droppers". When other teams build exciting products to do smart things with the traffic that passed through our network, we take joy in discovering novel ways of discarding it....
Rate Limiting: Delivering more rules, and greater control
May 21, 2018 8:41 PM
With more platforms adopting DDoS safeguards like integrating mitigation services and enhancing bandwidth at vulnerable points, Layer 3 and 4 attacks are becoming far less effective than before....
Introducing Spectrum: Extending Cloudflare To 65,533 More Ports
April 12, 2018 1:01 PM
We are introducing Spectrum, which brings Cloudflare’s security and acceleration to the whole spectrum of TCP ports and protocols for our Enterprise customers. It’s DDoS protection for any box, container or VM that connects to the internet....
MORE POSTS
March 06, 2018 3:46 PM
The real cause of large DDoS - IP Spoofing
A week ago we published a story about new amplification attacks using memcached protocol on UDP port 11211. A few things happened since then: Github announced it was a target of 1.3Tbps memcached attack. OVH and Arbor reported similar large attacks with the peak reported at 1.7Tb...
- By
February 27, 2018 2:38 PM
Memcrashed - Major amplification attacks from UDP port 11211
Over last couple of days we've seen a big increase in an obscure amplification attack vector - using the memcached protocol, coming from UDP port 11211. In the past, we have talked a lot about amplification attacks happening on the internet. ...
- By
December 24, 2017 4:57 PM
TLS 1.3 is going to save us all, and other reasons why IoT is still insecure
As I’m writing this, four DDoS attacks are ongoing and being automatically mitigated by Gatebot. Cloudflare’s job is to get attacked. Our network gets attacked constantly....
- By
December 22, 2017 2:17 PM
Technical reading from the Cloudflare blog for the holidays
During 2017 Cloudflare published 172 blog posts (including this one). If you need a distraction from the holiday festivities at this time of year here are some highlights from the year....
- By
December 21, 2017 2:01 PM
2018 and the Internet: our predictions
At the end of 2016, I wrote a blog post with seven predictions for 2017. Let’s start by reviewing how I did. I’ll score myself with two points for being correct, one point for mostly right and zero for wrong. That’ll give me a maximum possible score of fourteen. Here goes......
- By
December 14, 2017 7:41 PM
Inside the infamous Mirai IoT Botnet: A Retrospective Analysis
This post offers a retrospective on Mirai, the infamous IoT botnet that disrupted major websites with massive DDoS attacks, leveraging hundreds of thousands of compromised Internet-of-Things devices....
- By
December 07, 2017 8:44 PM
On the Leading Edge - Cloudflare named a leader in The Forrester Wave: DDoS Mitigation Solutions
Cloudflare has been recognized as a leader in the “Forrester WaveTM: DDoS Mitigation Solutions, Q4 2017.”...
- By
November 23, 2017 3:28 AM
The New DDoS Landscape
News outlets and blogs will frequently compare DDoS attacks by the volume of traffic that a victim receives. Surely this makes some sense, right? The greater the volume of traffic a victim receives, the harder to mitigate an attack - right? ...
- By
October 01, 2017 10:00 AM
A New Cybersecurity Strategy for Europe
October is European Cybersecurity Month, an annual advocacy campaign to raise awareness of cyber risks among citizens and businesses, and to share best practices in cybersecurity....
- By
September 26, 2017 1:00 PM
Introducing the Cloudflare Geo Key Manager
Cloudflare’s customers recognize that they need to protect the confidentiality and integrity of communications with their web visitors....
- By
September 25, 2017 1:00 PM
No Scrubs: The Architecture That Made Unmetered Mitigation Possible
When building a DDoS mitigation service it’s incredibly tempting to think that the solution is scrubbing centers or scrubbing servers. I, too, thought that was a good idea in the beginning, ...
- By
September 25, 2017 1:00 PM
Meet Gatebot - a bot that allows us to sleep
In the past, we’ve spoken about how Cloudflare is architected to sustain the largest DDoS attacks. During traffic surges we spread the traffic across a very large number of edge servers. ...
- By
September 25, 2017 1:00 PM
Unmetered Mitigation: DDoS Protection Without Limits
This is the week of Cloudflare's seventh birthday. It's become a tradition for us to announce a series of products each day of this week and bring major new benefits to our customers. We're beginning with one I'm especially proud of: Unmetered Mitigation....
- By
August 28, 2017 2:00 PM
The WireX Botnet: How Industry Collaboration Disrupted a DDoS Attack
On August 17th, 2017, multiple Content Delivery Networks (CDNs) and content providers were subject to significant attacks from a botnet dubbed WireX. ...
- By