On 03/31/2013 07:12 PM, walt wrote:
> Any of you admin types out there have any grumpy thoughts about this
> article? :) Is it really just marketing BS from cloudflare, or is it
> solid stuff?
>
> http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet

Can't tell one way or another. Certainly the bulk of the events described are true. Certainly, it's in CF's interest to describe how they're thwarting a massive DDOS. And, certainly, they'd lose virtually all credibility if they were blowing smoke. Lose credibility, and they'd lose a ton of business. Frankly, I'm *inclined* to believe their description of events on that basis alone. But that's not absolute.

It's also worth noting who they're protecting, and who the aggressor is. The organization they're protecting is a high-profile target. The organization they're protecting against is one whose businesses are heavily impacted by the latter, *and* who don't share a positive reputation among most.

That said, when someone in here linked to a spamhaus page a few days ago, my local CloudFlare cache didn't have a copy of it, so I suspect spamhaus hasn't been weathering the storm particularly well.

I'm also using CloudFlare for my site (they have a free tier which is frankly wonderful), and I've observed that whatever means I put in place to protect myself through them, it's not possible to get 100% coverage; for CF to work for you, you need to have a public IP address their servers can query. So long as you have a public IP address, you can be targeted; it's just a matter of discovering what that IP is. That IP could be discovered any of a variety of ways, particularly if someone is able to induce your server to send data outbound. (i.e. an email where the origin exists in the message headers.)

For at least a couple weeks now, I've been a direct target of some kind of attack by someone who holds some kind of weird grudge. Originally, it was a simple SYN flood, but it's lately taken to be a flood of RST packets claiming to be from a particular CloudFlare IP; the attacker is trying to disrupt service by terminating proxied connections.

Anyway, if you don't need SSL, I highly recommend CloudFlare's free tier. If you do need SSL, they have tiers which support that...but I don't have a budget to spend on it. (OTOH, it's nice enough that my average page load times have plummeted...and I now have a free global proxy cache network, despite my only having one backend server...)
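
The header leak mentioned in the message above can be checked from the defender's side. The following is an added example, not part of the original message: it audits a message generated by your own server for headers that carry the origin's address. The addresses (documentation ranges), hostnames, sample message and the `origin_leaks` helper are all constructed for illustration.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample: a message as a recipient would see it. 203.0.113.10
# stands in for the origin server's public address (documentation range).
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [198.51.100.25])
\tby mail.recipient.example with ESMTP id abc123;
\tMon, 01 Apr 2013 10:00:00 +0000
Received: from web01.example.org (web01.example.org [203.0.113.10])
\tby mx.example.net with ESMTP id def456;
\tMon, 01 Apr 2013 09:59:58 +0000
X-Originating-IP: [203.0.113.10]
From: noreply@example.org
To: user@recipient.example
Subject: Password reset

Body text.
"""

HEADERS_TO_AUDIT = ("Received", "X-Originating-IP")
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

def addresses_in_headers(raw_message):
    """Return [(header_name, ip_address)] for every IPv4 literal found."""
    msg = email.message_from_string(raw_message, policy=policy.compat32)
    found = []
    for name in HEADERS_TO_AUDIT:
        for value in msg.get_all(name, []):
            for text in IPV4_CANDIDATE.findall(value):
                try:
                    found.append((name, ipaddress.ip_address(text)))
                except ValueError:
                    continue  # e.g. 999.1.1.1, not a real address
    return found

def origin_leaks(raw_message, origin_ips):
    """Headers in which one of the origin server's own addresses appears."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    return [(name, str(ip)) for name, ip in addresses_in_headers(raw_message)
            if ip in origins]

if __name__ == "__main__":
    for name, ip in origin_leaks(SAMPLE_MESSAGE, ["203.0.113.10"]):
        print(f"origin address {ip} exposed in {name} header")
```

Any hit means mail sent directly from the web server reveals the address the proxy is meant to hide; relaying outbound mail through a separate host removes the origin from those headers.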