Set up CF and only allow traffic from CF.
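One way to act on "only allow traffic from CF" at the origin, as an added example that is not code from Cloudflare or from any commenter here: the proxy CIDR list is a constructed stand-in (documentation prefixes), and the generated nftables ruleset is what a defender would load so that direct connections that bypass the proxy are dropped rather than served.

```python
"""Lock an origin down to Cloudflare's proxies ("only allow traffic from CF").
Added example, not code from Cloudflare or any commenter. The CIDR list is
CONSTRUCTED (documentation prefixes); a real origin loads
https://www.cloudflare.com/ips-v4 and /ips-v6 and refreshes them on a schedule."""
import ipaddress
from typing import Iterable

# Constructed stand-in for the published proxy ranges (comments/blanks as in a download).
CF_RANGES_SAMPLE = """
# edge ranges (constructed)
198.51.100.0/24
203.0.113.0/24

2001:db8:cf::/48
"""

def parse_ranges(text: str) -> list:
    """One CIDR per line; '#' comments and blank lines are skipped."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def is_from_proxy(src_ip: str, nets: Iterable) -> bool:
    """True if the connecting address is inside a proxy range. A v4 address
    is never 'in' a v6 network, so a mixed list is safe to scan."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in n for n in nets)

def nftables_ruleset(nets: Iterable, ports=(80, 443)) -> str:
    """Render an nftables ruleset: web ports accept only from the proxy sets
    and drop everything else; other ports (SSH etc.) are left untouched."""
    nets = list(nets)
    v4 = ", ".join(str(n) for n in nets if n.version == 4)
    v6 = ", ".join(str(n) for n in nets if n.version == 6)
    p = ", ".join(str(x) for x in ports)
    return "\n".join([
        "table inet cf_origin {",
        f"  set cf4 {{ type ipv4_addr; flags interval; elements = {{ {v4} }} }}",
        f"  set cf6 {{ type ipv6_addr; flags interval; elements = {{ {v6} }} }}",
        "  chain input {",
        "    type filter hook input priority 0; policy accept;",
        f"    ip saddr @cf4 tcp dport {{ {p} }} accept",
        f"    ip6 saddr @cf6 tcp dport {{ {p} }} accept",
        f"    tcp dport {{ {p} }} drop   # direct hits that bypassed the proxy",
        "  }",
        "}",
    ])
```

An address allow-list still trusts anything arriving from those ranges, so pairing it with Cloudflare's Authenticated Origin Pulls (a client-certificate check at the origin) is the usual complement; `is_from_proxy` is also handy for flagging direct-to-origin hits in access logs once the rules are live.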
On another note, having CF monitor an attack like this could help them do more research into mitigating these attacks in general and allow them to try and hunt the attacker. They tend to make things like this public which would benefit everyone.
> As I noted in a talk I gave last summer with Lance James at the Black Hat security conference in Las Vegas, a funny thing happens when you decide to operate a DDoS-for-hire Web service: Your service becomes the target of attacks from competing DDoS-for-hire services. Hence, a majority of these services have chosen to avail themselves of Cloudflare’s free content distribution service, which generally does a pretty good job of negating this occupational hazard for the proprietors of DDoS services.
I could post more, but why bother?
> CloudFlare is firm in our belief that our role is not that of Internet censor. There are tens of thousands of websites currently using CloudFlare's network. Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.
As a result, both the Israeli Defence Forces and Hamas are CloudFlare customers. Unless one of their customers is doing something that is unambiguously illegal (e.g. hosting child pornography), CloudFlare won't cut them off just because they're doing something that some people regard as "bad".
It's a very principled stance and one that I respect.
Information isn't really the question here. These aren't sites telling people how to conduct DDoS attacks, these are sites where you pay them, and they run a DDoS for you. This effectively silences someone until they either give up on their message, or sign up for expensive DDoS mitigation packages (or Cloudflare).
You may consider that to be free speech. I don't.
You clearly don't and you're entitled to your opinion.
The Krebs story was interesting, thanks; the forum posts less so. I understand why Cloudflare are reluctant to start rejecting customers based on content, but surely it's illegal to sell DDoS services? Perhaps they should change their TOS to exclude any sites which sell attack tools/services, because it looks really bad for them to be protecting sites that promote DDoS, which then provides them with repeat business.
Are there still sites up protected by cloudflare which promote this sort of activity?
Selling attack tools, however, is explicitly legal in most places; it's just software, just like a port-scanning tool, DeCSS or zero-day vulnerability data.
"Promoting this sort of activity" is again a free speech issue, no matter what "that sort" is. For example, there are posts right here on HN that "promote this sort of activity", and it would be ridiculous if having such content were even close to allowing someone to take down a server.
In short, unless the actual site is performing illegal activities (implementing the DDoS or uploading child porn & stuff), I'd say that they're correct in explicitly ignoring whatever else the site is doing.
> a great many of today’s DDoS attacks are being launched or coordinated by the same individuals who are running DDoS-for-hire services (a.k.a “booters”) which are hiding behind Cloudflare’s own free cloud protection services.
I don't see Matthew Prince's post quoted above as a satisfactory response to this. This is morally and legally shady because Cloudflare directly profit from the continued existence of DDoS, so they should be very careful to offer not a shred of evidence that they currently support people who carry out DDoS, IMO. It would just be good business, and current customers are going to get restless if they find Cloudflare protects DDoS sites knowingly.
They've obviously taken a different stance (based on not wanting to filter customers on content), which I'm sympathetic to, but if the content is illegal and directly benefits them by facilitating more DDoS attacks, that equation changes.
I'm sure there's tons more, but why bother compiling a list when nothing will change. If you're curious, a good place to look would be the hackforums 'DDoS as a service' section. I bet a lot of the active ones would go to Cloudflare.