
The rise of multivector DDoS attacks - majke
https://blog.cloudflare.com/the-rise-of-multivector-amplifications/#
======
DanielDent
Are there often significant issues that arise while Cloudflare is mitigating
an attack?

I've often wondered why people would conduct attacks if the attacks don't
actually end up doing anything.

The fact that somebody is protected by a DDoS mitigation service should be
evident to most of the people capable of conducting an attack.

~~~
Laforet
It really depends. A lot of people, myself included, use their free tier
service which is excellent for the grand price of zero, however it does not
really come with much real DDoS protection. Script kiddies might give up after
seeing an IP address belonging to CF, but the more experienced and determined
attackers will keep ramping up bandwidth until Cloudflare takes notice and cuts
you off because you are now more trouble than worth. Free tier breaks only
with a little bit of traffic, whereas paid users have some headroom but it is
not infinite. From their point of view it's still preferable to lose you as a
customer than having every other customer's site lagging because of you.

Apparently even business tier is not immune, Brian Krebs' security blog was
DDoS'ed off Akamai after the then-ongoing mitigation cost ended up being far
more than they could agree on, and it took him days to find another
provider[0].

[0]: https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/

~~~
flarex
All Cloudflare plans have unmetered DDoS protection. Where did you get the
idea that they would cut you off if you were on the free tier?

~~~
Laforet
I've seen it happen multiple times. Besides, "unmetered" is almost always
marketing hype whenever you see it. If your website uses >10TB of non-DDoS
traffic per day on CF you are likely to get a call from their sales team soon
asking you to upgrade to a pro or business account.

A brief DDoS was (not sure if still is) a common method to expose the real IP
because the CDN edge servers could often be easily spooked by a brief surge in
traffic and start redirecting DNS back to origin. I suspect this is the kind
of "protection" they were really offering: your site will still be down, but
at least the backend is never revealed to the world.

~~~
flarex
They've publicly stated that they do not drop traffic for any plans (at
least as of 2017) no matter the size. So whatever you have seen is likely no
longer the case. Unless you have sources that they are still doing this?

------
js4ever
Thanks for this detailed article. For someone like me interested in DDoS this
is super interesting. Cloudflare's network and expertise are really impressive!
Wow

