Page 1 of 2 12 LastLast
Results 1 to 15 of 30
  1. #1
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,761

    * Why do people think CloudFlare will stop DDoS attacks?

    Hello,

    Over the last few weeks I have been seeing more and more people start to recommend CloudFlare for the prevention of DDoS attacks, Why is this?

  2. #2
    Join Date
    Jul 2010
    Posts
    363
    Cause people have no money for real DDOS protection or they don't want to spend big bucks. So any small glimmer of hope is worth clinging to .. for them

  3. #3
    Join Date
    Mar 2009
    Posts
    3,803
    because they do.. until they realize it's your site being hit and change the A record so all traffic goes directly to you

  4. #4
    I used cloud flare to make my dns load faster for my site, didn't work... Changed my computers DNS to google's 8.8.8.8 and 8.8.4.4 and it loaded my site instantly after a second of updating it, but if cloud flare doesn't speed up the load time then it sure doesn't stop ddosing...

  5. #5
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    895

    Post CloudFlare and DDoS

    Most of the time I see this happen because someone mistakenly thinks we are a DDoS service & mentions it on board. When it comes to an attack, unfortunately, people rush to find a quick fix to the problem.

    There are some things that we do that can help with smaller attacks & there are some things in the threat control panel you can do as well. But a monster attack will most certainly cause us to go direct to a site...

  6. #6
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,568
    The nature of the service alone allows traffic to be spread across various POPs, which can help isolate a DDoS attack pretty well. This alone doesn't do much to help with larger attacks (for that, you'll need other mitigation methods), but I can see CloudFlare being useful for smaller attacks.

  7. #7
    Join Date
    Nov 2009
    Location
    /etc/my.cnf
    Posts
    9,761
    Quote Originally Posted by damoncloudflare View Post
    There are some things that we do that can help with smaller attacks & there are some things in the threat control panel you can do as well. But a monster attack will most certainly cause us to go direct to a site...

    Quote Originally Posted by layer0 View Post
    The nature of the service alone allows traffic to be spread across various POPs, which can help isolate a DDoS attack pretty well. This alone doesn't do much to help with larger attacks (for that, you'll need other mitigation methods), but I can see CloudFlare being useful for smaller attacks.
    How small are we talking?

    Also if all of this is true why isnt their any information on their site regarding this Anti-DDoS...

  8. #8
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    895

    Post CloudFlare and DDoS

    Quote Originally Posted by layer0 View Post
    The nature of the service alone allows traffic to be spread across various POPs, which can help isolate a DDoS attack pretty well. This alone doesn't do much to help with larger attacks (for that, you'll need other mitigation methods), but I can see CloudFlare being useful for smaller attacks.
    Good summary We do not position ourselves as a DDoS solution at all.

  9. #9
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    895

    Post CloudFlare and DDoS

    Quote Originally Posted by cd/home View Post
    How small are we talking?

    Also if all of this is true why isnt their any information on their site regarding this Anti-DDoS...
    Because we don't want to be looked at as a DDoS solution. Generally speaking, people that are having a DDoS look for a quick fix & we do not guarantee that we will stop an attack. We will most certainly go direct to a server when the attack is large & starts to impact other customers.

  10. #10
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    895

    Post Hi,

    Quote Originally Posted by quantumphysics View Post
    because they do.. until they realize it's your site being hit and change the A record so all traffic goes directly to you
    Just a quick note that we don't make any DNS changes. We simply remove the CloudFlare proxy for the domain(s) impacted.

  11. #11
    Join Date
    Mar 2009
    Posts
    3,803
    that's ... pretty much a dns change isn't it

  12. #12
    Join Date
    Nov 2010
    Location
    San Francisco, CA
    Posts
    895

    Hi,

    Quote Originally Posted by quantumphysics View Post
    that's ... pretty much a dns change isn't it
    Not really. We're still resolving the DNS & simply removing our proxy on the DNS entry. Probably somewhat of a semantics thing...

  13. #13
    Join Date
    May 2011
    Posts
    579
    CloudFlare doesn't work well on high-end DDoS attacks (Ex: 100mbit+), but works fine when script kiddies attempt to take your website(s) offline.

    Most script kiddies have a tool which they refer to as a "Booter". A Booter, in logical terms, is a program which sends a command to multiple hacked servers. These hacked servers use their connection to attack your website's IP Address.

    When your site is behind CloudFlare, the hacked servers attack CloudFlare, instead of your website. CloudFlare isn't really made for DDoS protection, BUT it is able to filter these small attacks much better than your average web host.

    To sum this post up: Yes, CloudFlare is able to filter small DDoS attacks, but not large ones. If you are experiencing DDoS attacks, it's worth trying CloudFlare (It's free), but KEEP IM MIND, that if the script kiddie trying to take your website offline attacks your NON-CLOUDFLARE IP Address, your site will go offline. (Note: Your Non-CloudFlare IP is the IP you had before you switched to CloudFlare's DNS servers).

  14. #14
    Quote Originally Posted by Appdeveloper View Post
    CloudFlare doesn't work well on high-end DDoS attacks (Ex: 100mbit+), but works fine when script kiddies attempt to take your website(s) offline.
    100mbit+? More like 2000mbit+ or even higher.

  15. #15
    Join Date
    May 2011
    Posts
    579
    Quote Originally Posted by misspink View Post
    100mbit+? More like 2000mbit+ or even higher.
    If you're getting a constant 100Mbit+ DDoS Attack, I believe CloudFlare may kick you off (on the free version). The Pro version may be different.

Page 1 of 2 12 LastLast

Similar Threads

  1. Replies: 0
    Last Post: 10-14-2010, 05:52 PM
  2. Replies: 0
    Last Post: 10-03-2010, 12:39 PM
  3. Replies: 0
    Last Post: 09-23-2010, 12:57 PM
  4. Replies: 7
    Last Post: 01-17-2007, 12:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •