Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack(blog.cloudflare.com) |
Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack(blog.cloudflare.com) |
Ironically, their abuse report does validate the domain being used to route traffic is a registered customer domain. But the abuse report and even Slack pings have yet to affect the traffic. It’s incredibly frustrating because you’d expect a company like Cloudflare, which positions itself as a defender against DDoS and similar threats, to take action much more quickly when they’re part of the problem.
And ok, I'll give some leeway in those numbers looking at the map on the linked page, 35% or so of source traffic is clustered over five countries so that distribution skews and some pops around those source countries are going to be hit harder than others. Still, maybe add an order of magnitude and I'll be a little less dismissive.
This is on the level of BrandonM's famous comment on Dropbox. https://news.ycombinator.com/item?id=9224
And ooh, ooh, I can flippantly dismiss a comment by calling back to that infamous comment as well! [0] You're actually posting this as a former VP? Geez dude, lighten up, they're not paying you anymore.
It’s called marketing.
They have a product. This is marketing for that product. The incentive is to make money. It's very clear imo.
I presume that fora exist for players to discuss blue-team strategy, and that decisions are nuanced and detailed. If so, there's a lot of leeway to pursue a hidden agenda.
I'm not so concerned about what their doing now. It's about in a few years, when stock isn't as strong and MBAs are parachuted in to perk up the bottom line.
Yes, anyone can shove a bunch of network equipment into a bunch of cabinets.
No, not anyone can shove a bunch of network equipment into a bunch of cabinets and run a service like cloudflare on top of that.
And is your argument really “I’ve spun up 16.5 PoP locations before, so I know what I’m talking about?”
Actually quite a few more than that, but yes.
Imagine some replacement for tcp is proposed and a working group is set up to develop it. A member of that group might advocate for or against features. You could take the position "we should not include Feature X because it will have a performance impact in Scenario Y".
Scenario Y may or may not be real, but it doesn't matter, because you're using it as a stalking horse to get the outcome you actuality want, which happens to be defeated by Feature X.
The other group members know what you're up to, but they can't prove it because you have plausible deniability. They can't kick you out of the group because you serve 20% of the web.
To reiterate, I have no allegations to level against Cloudflare. I think it's a useful heuristic to assume that a public company, given sufficient market power, will become evil. CF has the market power.
No need to imagine, QUIC exists.
Like every technology since 1980, it's unlikely to supplant Ethernet and TCP/IP, but it's the most successful effort yet.
SCTP also solves the problem of TCP-based DDOS because the client must participate in the handshake.
Good luck convincing all existing network software to switch to these protocols. I would like that too but it won't happen.