
Cloudflare Business Plan DDoS protection. Anyone use/d it?

MannDude

Just a dude
vpsBoard Founder
Moderator
Has anyone here used Cloudflare's Business Plan DDoS protection before? Care to give me a short review of it? Been browsing the web, but wanting to get comments on it from the folks here.

How's it hold up to today's stronger attacks?

The only thing that appeals to me about Cloudflare for DDoS protection is the fact you're not limited to a specific location that offers DDoS protection. Just set up a server anywhere and use Cloudflare. Does it work that well though?
 

kaniini

Beware the bunny-rabbit!
Verified Provider
It's not worth using.  If you get a DDoS too big, they just boot you still.

If you're going to pay, go with Prolexic or BlackLotus.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Would it be more or less capable than the $3/mo or whatever filtered IP I have from BuyVM?

Their protection is good, hasn't let vpsBoard really go down. Just wish I could find affordable DDoS protection in other locations. Was hoping CF was decent as I love the idea that it allows me to go with any provider in any location at that point.
 

D. Strout

Resident IPv6 Proponent
I thought you already used it at one point and didn't like it because of incompatibilities with IP.Board?
 

Marc M.

Phoenix VPS
Verified Provider
CloudFlare isn't always kosher, but when it is, it tastes like pickles :lol:
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Would it be more or less capable than the $3/mo or whatever filtered IP I have from BuyVM?

Their protection is good, hasn't let vpsBoard really go down. Just wish I could find affordable DDoS protection in other locations. Was hoping CF was decent as I love the idea that it allows me to go with any provider in any location at that point.
I am not sure, but honestly -- I think I would trust Francisco to not bail on you before I would trust Cloudflare.  Cloudflare bails very quickly these days it seems.
 

Francisco

Company Lube
Verified Provider
I am not sure, but honestly -- I think I would trust Francisco to not bail on you before I would trust Cloudflare.  Cloudflare bails very quickly these days it seems.
Unless you run a booter. If you run a booter they go the distance for you :(

Francisco
 

kaniini

Beware the bunny-rabbit!
Verified Provider
Unless you run a booter. If you run a booter they go the distance for you :(


Francisco
That's another reason why I wouldn't use Cloudflare honestly.  The stuff being "protected" by Cloudflare is likely being intercepted by intelligence organizations.  I mean, if I were an FBI agent, and I knew the script kiddies loved Cloudflare, that is where I would do an intercept...
 

Francisco

Company Lube
Verified Provider
That's another reason why I wouldn't use Cloudflare honestly.  The stuff being "protected" by Cloudflare is likely being intercepted by intelligence organizations.  I mean, if I were an FBI agent, and I knew the script kiddies loved Cloudflare, that is where I would do an intercept...
Very true!

I just think it's asking for trouble to have so much reliance on that single platform. There's multiple shared hosting hosts that automatically put customer sites behind it and likely use it as an excuse to load the nodes harder.

Francisco
 

maounique

Active Member
There is going to be the OVH one.

I would trust those ppl since they have such a big network and traffic.

Let's see how they are performing in reality.
 

Flapadar

Member
Verified Provider
That's another reason why I wouldn't use Cloudflare honestly.  The stuff being "protected" by Cloudflare is likely being intercepted by intelligence organizations.  I mean, if I were an FBI agent, and I knew the script kiddies loved Cloudflare, that is where I would do an intercept...
That's probably why cloudflare keep them all online lol 
 

bdtech

New Member
Cloudflare only keeps aggregate stats and clears all logs every few hours. They are extreme privacy and security fanatics.


What plan does ramnode use?
 

Francisco

Company Lube
Verified Provider
Cloudflare only keeps aggregate stats and clears all logs every few hours. They are extreme privacy and security fanatics.

What plan does ramnode use?
Not by much. They are well known for leaking the IP of whatever they're proxying all the time. If you're a well known target? Not as much but they do it to booters, etc.

Do you think they'd go the distance for superleetstresser.net like they did lulzsec? Very unlikely. They used lulzsec & spamhaus for PR purposes. They went on about that 300gbit flood that no POPs have been able to confirm to this date.

Francisco
 

Kruno

New Member
Verified Provider
They don't leak IPs anymore, they just forward the complaint to abuse-mailbox, and provide inetnum / netname but not exact IP address. They started doing that a few months ago.
 

EarthVPN

New Member
They went on about that 300gbit flood that no POP's have been able to confirm to this date.


Francisco

Richard Steenbergen, CTO of nLayer, one of the upstream network providers of CloudFlare, has commented below.

Hi Sam,

My company is one of the primary providers for Cloudflare, and was one of the first to be attacked over the current Spamhaus/Cyberbunker debacle. Your latest piece is interesting, and while a lot of the hype and fear over these attacks IS IMHO unjustified, there are a few major details that you're missing.

First off I can confirm a few basic facts, namely that we really did receive a ~300 Gbps attack directed at Cloudflare, and later specifically targeted at pieces of our core infrastructure. This is definitely on the large end of the scale as far as DoS attacks go, but I wouldn't call it "record smashing" or "game changing" in any special way. It's just another large attack, maybe 10-15% larger than other similar ones we've seen in the past, and I'm certain we will continue to see even larger ones in the future as global traffic levels increase. What made this particular attack notable is where it was targeted, which greatly increased the number of people who noticed it.

In defense of the claims in other articles, there is a huge difference between "taking down the entire Internet" and "causing impact to notable portions of the Internet". My company, most other large Internet carriers, and even the largest Internet exchange points, all deliver traffic at multi-terabits-per-second rates, so in the grand scheme of things 300 Gbps is certainly not going to destroy the Internet, wipe anybody off the map, or even show up as more than a blip on the charts of global traffic levels. That said, there is absolutely NO network on this planet who maintains 300 Gbps of active/lit but unused capacity to every point in their network. This would be incredibly expensive and wasteful, and most of us are trying to run for-profit commercial networks, so when 300 Gbps of NEW traffic suddenly shows up and all wants to go to ONE location, someone is going to have a bad day.

But, having a bad day on the Internet is nothing new. These are the types of events we deal with on a regular basis, and most large network operators are very good at responding quickly to deal with situations like this. In our case, we worked with Cloudflare to quickly identify the attack profile, rolled out global filters on our network to limit the attack traffic without adversely impacting legitimate users, and worked with our other partner networks (like NTT) to do the same. If the attacks had stopped here, nobody in the "mainstream media" would have noticed, and it would have been just another fun day for a few geeks on the Internet.

The next part is where things got interesting, and is the part that nobody outside of extremely technical circles has actually bothered to try and understand yet. After attacking Cloudflare and their upstream Internet providers directly stopped having the desired effect, the attackers turned to any other interconnection point they could find, and stumbled upon Internet Exchange Points like LINX (in London), AMS-IX (in Amsterdam), and DE-CIX (in Frankfurt), three of the largest IXPs in the world.

An IXP is an "interconnection fabric", essentially just a large switched LAN, which acts as a common meeting point for different networks to connect and exchange traffic with each other. Every member connects a router, and is given a single IP address out of a common IP block to facilitate the interconnection. For example, one of LINX's main blocks is a single /22, and every member has an IP within that block. When two networks want to connect with each other, they set up a BGP session between their IPs, and the traffic is switched across the LAN just like it would be in any other switched network.

The downside of this architecture is that these IP blocks are real, routable IPs, which can sometimes be reached from the outside world. It's usually against the rules of the individual IXPs to redistribute those blocks into the global table, but it's a common misconfiguration that still happens all the time, meaning anyone on the Internet can send traffic to those router IPs. When one of these IP addresses shows up in traceroute and attackers target it, it results in a large amount of traffic being unexpectedly dumped into this IXP LAN. The "quick fix" for this is for the IXP operators to chase down everyone who is redistributing the IXP block to the global table.

Note that the vast majority of global Internet traffic does NOT travel over these types of public IXPs, but rather goes via direct private interconnections between specific networks. Typically IXP traffic represents more of the "long tail" of networks who are peering with each other, i.e. they're used by a large number of generally smaller networks, or by larger networks who are looking to offload some of their "lower speed" interconnections. Collectively it still adds up to a lot of traffic, but the really "big" pipes that carry most of the Internet traffic are all private point-to-point links (called PNIs).

So, what you actually saw here was an attack affecting a large number of smaller networks, with something which was really a completely unrelated and unintended side-effect of the original attack. It's not going to take down the Internet, but it's certainly a recipe for having a lot of people talking about it. :)

Hopefully that clears up a bit of the situation.

-Richard A Steenbergen
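
The misconfiguration the letter above describes (an IXP peering LAN redistributed into the global table) can be audited from a routing-table export. The following is an added example, not part of the original post or letter: the peering LAN prefixes, AS numbers and routes are constructed placeholders from reserved ranges, and `find_ixp_leaks` is a hypothetical helper name.

```python
import ipaddress

# Constructed placeholder peering LANs (RFC 2544 benchmarking range),
# NOT the real prefixes of any exchange named in the thread.
IXP_LANS = {
    "example-ixp-a": ipaddress.ip_network("198.18.0.0/22"),
    "example-ixp-b": ipaddress.ip_network("198.18.8.0/23"),
}

# Constructed sample of a global-table view: (prefix, AS path).
# AS numbers are from the documentation range 64496-64511.
SAMPLE_ROUTES = [
    ("198.18.0.0/22", [64500, 64511]),   # the peering LAN itself, redistributed
    ("198.18.1.0/24", [64500, 64502]),   # more-specific inside the LAN
    ("198.18.0.0/16", [64500, 64503]),   # aggregate that covers both LANs
    ("203.0.113.0/24", [64500, 64504]),  # unrelated prefix
    ("0.0.0.0/0", [64500]),              # default route, ignored
]


def classify(prefix, lan):
    """Return 'leak' if prefix is the LAN or inside it, 'covering' if a
    non-default aggregate contains the LAN, else None."""
    if prefix.version != lan.version:
        return None
    if prefix.subnet_of(lan):
        return "leak"
    if prefix.prefixlen > 0 and lan.subnet_of(prefix):
        return "covering"
    return None


def find_ixp_leaks(routes, lans=IXP_LANS):
    """List every route that makes an IXP peering LAN reachable from outside,
    with the origin AS (last hop of the path) to follow up with."""
    findings = []
    for text, as_path in routes:
        prefix = ipaddress.ip_network(text, strict=True)
        for name, lan in lans.items():
            kind = classify(prefix, lan)
            if kind:
                findings.append({"ixp": name, "prefix": str(prefix),
                                 "kind": kind, "origin_as": as_path[-1]})
    return findings


if __name__ == "__main__":
    for finding in find_ixp_leaks(SAMPLE_ROUTES):
        print(finding)
```

Entries marked `leak` are the ones the letter says IXP operators have to chase down; `covering` entries are listed separately because an aggregate can make the LAN reachable without the LAN prefix itself appearing in the table.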
 