CloudFlare DDoS attacks 101: what are they and how to protect your site?

1 like2,558 views

The document discusses Distributed Denial of Service (DDoS) attacks, highlighting their nature and impact on legitimate services. It provides examples of significant attacks and the mechanisms behind them, including amplification factors from DNS and NTP servers. Additionally, it emphasizes the importance of network security practices, such as implementing BCP38, to prevent becoming a source of such attacks.

Technology News & Politics

Related topics:

Website Security Overview

Most read

Trey Guinn

Solution Engineer, CloudFlare

www.cloudﬂare.com
DDoS 101

Distributed Denial of Service
!
An attack coming from all many locations
which overwhelms your resources and
prevents you from serving legitimate
customers.

Fake Pizza Orders

Variety of Attacks
Volumetric
Protocol Attacks
Application Attacks

Real Life Example

CloudFlare DDoS attacks 101: what are they and how to protect your site?

CloudFlare DDoS attacks 101: what are they and how to protect your site?

Wednesday, March 20
~75Gbps attack

100Gbps
Magic ceiling in DDoS attacks

March 24 – March 25
Peaks of the attack reached at least 309Gbps

dig ANY isc.org @63.217.84.76
+edns=0 +notcp +bufsize=4096

64-byte query

$ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096

3,363-byteresponse

Ampliﬁcation

50x
Ampliﬁcation factor

Attack Ampliﬁcation
!
DNS - 50 x

NTP - 200x

Coming: SNMP - 650x

UDP = no handshake

Problem Ingredients:
Networks that allows
source IP spooﬁng

+

Servers that reply to

“non-customers”

Good networks don’t let
packets originate from IPs
they don’t own (BCP38)

Not all networks are good

How common are
these ingredients?

28 million open resolvers

24.6% networks allow spooﬁng

10s of Millions
Open NTP DNS servers

1 attacker’s laptop controlling

5–7 compromised servers on

3 networks that allowed spooﬁng of

9Gbps DNS requests to

0.1% of open resolvers resulted in

300Gbps+ of DDoS attack trafﬁc.

+

+

+

+

How did we stop it?

CloudFlare DDoS attacks 101: what are they and how to protect your site?

Anycast

CloudFlare DDoS attacks 101: what are they and how to protect your site?

Inherently “dilutes”
the attack

300Gbps
25 Anycasted PoPs
12 Gbps/PoP
÷

Make sure you’re not part
of the problem…

Are you running open DNS resolvers?

Are you running open NTP servers?

Implement BCP38 (uRPF)

Trey Guinn

Solution Engineer

www.cloudﬂare.com

Ad

Recommended

PDF

Keynote - Cloudy Vision: How Cloud Integration Complicates Security

PDF

Protecting Web Services from DDOS Attack

PDF

Amazon guard duty_lab

Bela Sojina MBA, PMP

PPTX

Botconf ppt

PDF

AWS VPC best practices 2016 by Bogdan Naydenov

Bogdan Naydenov

PPTX

Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare

PPTX

Защита веб-приложений и веб-инфраструктуры

PDF

Пять секретов оптимальной настройки цифровой АТС Cisco UCM

PDF

Почему не работает Wi-Fi? Ошибки при проектировании сети

PPT

Защита сайта от взлома и вирусов

PDF

A10 issa d do s 5-2014

PPTX

Yac2013 lyamin-ddos

Alexander Lyamin

PDF

DDoS Defence 101

PDF

DDoS-атаки: почему они возможны, и как их предотвращать

PDF

Антон Карпов - Сетевая безопасность

PDF

Правила успешной карьеры в IT. Часть 2. Взгляд HR-отдела

PPTX

Варианты решений для подключения мобильных устройств

PPT

Технология операторов связи DWDM: все самое важное за 1 вебинар

PDF

классификация Ddos. александр лямин, артем гавриченков. зал 2

PPT

как объяснить заказчику, что он не прав. денис тучин. зал 3

PPTX

MX – универсальная сервисная платформа. Вчера, сегодня, завтра.

PPT

D do s

PPTX

Вопросы балансировки трафика

PPTX

End to End Convergence

PPTX

Denial of service attack

PPTX

IP/LDP fast protection schemes

PPTX

Сервисы NFV

PDF

Null HYD VRTDOS

PDF

How to launch and defend against a DDoS

PDF

Secure 2013 Poland

More Related Content

PDF

Keynote - Cloudy Vision: How Cloud Integration Complicates Security

PDF

Protecting Web Services from DDOS Attack

PDF

Amazon guard duty_lab

Bela Sojina MBA, PMP

PPTX

Botconf ppt

PDF

AWS VPC best practices 2016 by Bogdan Naydenov

Bogdan Naydenov

PPTX

Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare

PPTX

Защита веб-приложений и веб-инфраструктуры

PDF

Пять секретов оптимальной настройки цифровой АТС Cisco UCM

Keynote - Cloudy Vision: How Cloud Integration Complicates Security

Protecting Web Services from DDOS Attack

Amazon guard duty_lab

Bela Sojina MBA, PMP

Botconf ppt

AWS VPC best practices 2016 by Bogdan Naydenov

Bogdan Naydenov

Surviving A DDoS Attack: Securing CDN Traffic at CloudFlare

Защита веб-приложений и веб-инфраструктуры

Пять секретов оптимальной настройки цифровой АТС Cisco UCM

Viewers also liked (20)

PDF

Почему не работает Wi-Fi? Ошибки при проектировании сети

PPT

Защита сайта от взлома и вирусов

PDF

A10 issa d do s 5-2014

PPTX

Yac2013 lyamin-ddos

Alexander Lyamin

PDF

DDoS Defence 101

PDF

DDoS-атаки: почему они возможны, и как их предотвращать

PDF

Антон Карпов - Сетевая безопасность

PDF

Правила успешной карьеры в IT. Часть 2. Взгляд HR-отдела

PPTX

Варианты решений для подключения мобильных устройств

PPT

Технология операторов связи DWDM: все самое важное за 1 вебинар

PDF

классификация Ddos. александр лямин, артем гавриченков. зал 2

PPT

как объяснить заказчику, что он не прав. денис тучин. зал 3

PPTX

MX – универсальная сервисная платформа. Вчера, сегодня, завтра.

PPT

D do s

PPTX

Вопросы балансировки трафика

PPTX

End to End Convergence

PPTX

Denial of service attack

PPTX

IP/LDP fast protection schemes

PPTX

Сервисы NFV

PDF

Null HYD VRTDOS

Почему не работает Wi-Fi? Ошибки при проектировании сети

Защита сайта от взлома и вирусов

A10 issa d do s 5-2014

Yac2013 lyamin-ddos

Alexander Lyamin

DDoS Defence 101

DDoS-атаки: почему они возможны, и как их предотвращать

Антон Карпов - Сетевая безопасность

Правила успешной карьеры в IT. Часть 2. Взгляд HR-отдела

Варианты решений для подключения мобильных устройств

Технология операторов связи DWDM: все самое важное за 1 вебинар

классификация Ddos. александр лямин, артем гавриченков. зал 2

как объяснить заказчику, что он не прав. денис тучин. зал 3

MX – универсальная сервисная платформа. Вчера, сегодня, завтра.

D do s

Вопросы балансировки трафика

End to End Convergence

Denial of service attack

IP/LDP fast protection schemes

Сервисы NFV

Null HYD VRTDOS

Ad

Similar to CloudFlare DDoS attacks 101: what are they and how to protect your site? (20)

PDF

How to launch and defend against a DDoS

PDF

Secure 2013 Poland

PDF

DNS DDoS Attack and Risk

PDF

KHNOG 3: DDoS Attack Prevention

PDF

DDOS Mitigation Experience from IP ServerOne by CL Lee

PPTX

Filling the Gaps in Your DDoS Mitigation Strategy

PDF

Stopping DDoS Attacks in North America

PPTX

Ddos and mitigation methods.pptx (1)

PDF

Denial of Service - Service Provider Overview

MarketingArrowECS_CZ

PDF

ECE560 Denial of Service Attacks Fall2020.pdf

PPTX

Day 2 - 1. Denial of Sergvice (DoS) Attacks.pptx

PPTX

Day 2 - 1. Denial of Service (DoS) Attacks.pptx

PPTX

Denial of Service (DoS) Attacks and its types

PPTX

BADCamp 2017 - Anatomy of DDoS

Suzanne Aldrich

PPTX

What is DDoS ?

PDF

Distributed Denial of Services (DDoS) Attacks Conceptual Intro

SakthiSaravananShanm

PDF

Cyber-security

PDF

A survey of trends in massive ddos attacks and cloud based mitigations

PDF

A survey of trends in massive ddos attacks and cloud based mitigations

PDF

A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS

How to launch and defend against a DDoS

Secure 2013 Poland

DNS DDoS Attack and Risk

KHNOG 3: DDoS Attack Prevention

DDOS Mitigation Experience from IP ServerOne by CL Lee

Filling the Gaps in Your DDoS Mitigation Strategy

Stopping DDoS Attacks in North America

Ddos and mitigation methods.pptx (1)

Denial of Service - Service Provider Overview

MarketingArrowECS_CZ

ECE560 Denial of Service Attacks Fall2020.pdf

Day 2 - 1. Denial of Sergvice (DoS) Attacks.pptx

Day 2 - 1. Denial of Service (DoS) Attacks.pptx

Denial of Service (DoS) Attacks and its types

BADCamp 2017 - Anatomy of DDoS

Suzanne Aldrich

What is DDoS ?

Distributed Denial of Services (DDoS) Attacks Conceptual Intro

SakthiSaravananShanm

Cyber-security

A survey of trends in massive ddos attacks and cloud based mitigations

A survey of trends in massive ddos attacks and cloud based mitigations

A SURVEY OF TRENDS IN MASSIVE DDOS ATTACKS AND CLOUD-BASED MITIGATIONS

Ad

More from Cloudflare (20)

PDF

Succeeding with Secure Access Service Edge (SASE)

PPTX

Close your security gaps and get 100% of your traffic protected with Cloudflare

PPTX

Why you should replace your d do s hardware appliance

PPTX

Don't Let Bots Ruin Your Holiday Business - Snackable Webinar

PPTX

Why Zero Trust Architecture Will Become the New Normal in 2021

PPTX

HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...

PPTX

Zero trust for everybody: 3 ways to get there fast

PPTX

LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...

PPTX

Network Transformation: What it is, and how it’s helping companies stay secur...

PPTX

Scaling service provider business with DDoS-mitigation-as-a-service

PPTX

Application layer attack trends through the lens of Cloudflare data

PPTX

Recent DDoS attack trends, and how you should respond

PPTX

Cybersecurity 2020 threat landscape and its implications (AMER)

PPTX

Strengthening security posture for modern-age SaaS providers

PPTX

Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks

PPTX

It’s 9AM... Do you know what’s happening on your network?

PPTX

Cyber security fundamentals (simplified chinese)

PPTX

Bring speed and security to the intranet with cloudflare for teams

PPTX

Accelerate your digital transformation

PPTX

Cyber security fundamentals (Cantonese)

Succeeding with Secure Access Service Edge (SASE)

Close your security gaps and get 100% of your traffic protected with Cloudflare

Why you should replace your d do s hardware appliance

Don't Let Bots Ruin Your Holiday Business - Snackable Webinar

Why Zero Trust Architecture Will Become the New Normal in 2021

HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...

Zero trust for everybody: 3 ways to get there fast

LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...

Network Transformation: What it is, and how it’s helping companies stay secur...

Scaling service provider business with DDoS-mitigation-as-a-service

Application layer attack trends through the lens of Cloudflare data

Recent DDoS attack trends, and how you should respond

Cybersecurity 2020 threat landscape and its implications (AMER)

Strengthening security posture for modern-age SaaS providers

Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks

It’s 9AM... Do you know what’s happening on your network?

Cyber security fundamentals (simplified chinese)

Bring speed and security to the intranet with cloudflare for teams

Accelerate your digital transformation

Cyber security fundamentals (Cantonese)

Recently uploaded (20)

PDF

Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...

PPTX

Digital-Transformation-Roadmap-for-Companies.pptx

David Malick Dieng

PDF

Reach Out and Touch Someone: Haptics and Empathic Computing

Mark Billinghurst

PDF

Build a system with the filesystem maintained by OSTree @ COSCUP 2025

PDF

Encapsulation theory and applications.pdf

PPT

“AI and Expert System Decision Support & Business Intelligence Systems”

ZubinRadhakrishnan

PDF

Encapsulation_ Review paper, used for researhc scholars

PDF

Empathic Computing: Creating Shared Understanding

Mark Billinghurst

PDF

7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf

PPTX

Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...

PDF

Unlocking AI with Model Context Protocol (MCP)

PPTX

KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx

muhammadmuneebnaeem7

PPTX

MYSQL Presentation for SQL database connectivity

PDF

NewMind AI Weekly Chronicles - August'25 Week I

PDF

cuic standard and advanced reporting.pdf

SimoneTitaniumTomase

PDF

Bridging biosciences and deep learning for revolutionary discoveries: a compr...

PDF

Approach and Philosophy of On baking technology

PPT

Teaching material agriculture food technology

PDF

Machine learning based COVID-19 study performance prediction

PDF

Chapter 3 Spatial Domain Image Processing.pdf

Getnet Tigabie Askale -(GM)

Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...

Digital-Transformation-Roadmap-for-Companies.pptx

David Malick Dieng

Reach Out and Touch Someone: Haptics and Empathic Computing

Mark Billinghurst

Build a system with the filesystem maintained by OSTree @ COSCUP 2025

Encapsulation theory and applications.pdf

“AI and Expert System Decision Support & Business Intelligence Systems”

ZubinRadhakrishnan

Encapsulation_ Review paper, used for researhc scholars

Empathic Computing: Creating Shared Understanding

Mark Billinghurst

7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf

Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...

Unlocking AI with Model Context Protocol (MCP)

KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx

muhammadmuneebnaeem7

MYSQL Presentation for SQL database connectivity

NewMind AI Weekly Chronicles - August'25 Week I

cuic standard and advanced reporting.pdf

SimoneTitaniumTomase

Bridging biosciences and deep learning for revolutionary discoveries: a compr...

Approach and Philosophy of On baking technology

Teaching material agriculture food technology

Machine learning based COVID-19 study performance prediction

Chapter 3 Spatial Domain Image Processing.pdf

Getnet Tigabie Askale -(GM)

CloudFlare DDoS attacks 101: what are they and how to protect your site?

1. Trey Guinn Solution Engineer, CloudFlare www.cloudﬂare.com DDoS 101

2. Distributed Denial of Service ! An attack coming from all many locations which overwhelms your resources and prevents you from serving legitimate customers.

3. Fake Pizza Orders

4. Variety of Attacks Volumetric Protocol Attacks Application Attacks

5. Real Life Example

8. Wednesday, March 20 ~75Gbps attack

9. 100Gbps Magic ceiling in DDoS attacks

10. March 24 – March 25 Peaks of the attack reached at least 309Gbps

11. dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096

12. 64-byte query

13. $ dig ANY isc.org @63.217.84.76 +edns=0 +notcp +bufsize=4096

14. 3,363-byteresponse

15. Ampliﬁcation

16. 50x Ampliﬁcation factor

17. Attack Ampliﬁcation ! DNS - 50 x NTP - 200x Coming: SNMP - 650x

18. UDP = no handshake

19. Problem Ingredients: Networks that allows source IP spooﬁng + Servers that reply to “non-customers”

20. Good networks don’t let packets originate from IPs they don’t own (BCP38)

21. Not all networks are good

22. How common are these ingredients?

23. 28 million open resolvers

24. 24.6% networks allow spooﬁng

25. 10s of Millions Open NTP DNS servers

26. 1 attacker’s laptop controlling 5–7 compromised servers on 3 networks that allowed spooﬁng of 9Gbps DNS requests to 0.1% of open resolvers resulted in 300Gbps+ of DDoS attack trafﬁc. + + + +

27. How did we stop it?

31. Inherently “dilutes” the attack

32. 300Gbps 25 Anycasted PoPs 12 Gbps/PoP ÷

33. Make sure you’re not part of the problem…

34. Are you running open DNS resolvers?

35. Are you running open NTP servers?

36. Implement BCP38 (uRPF)

37. Trey Guinn Solution Engineer www.cloudﬂare.com