cloudflare hosting a ddos service?

• Previous message (by thread): cloudflare hosting a ddos service?
• Next message (by thread): cloudflare hosting a ddos service?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I read through the blog post, and it was an interesting window into how
Cloudflare operates. If I could be so bold as to raise this issue, however -

Specifically, this part

*Originally, when we would receive reports of phishing or malware we would
terminate the customers immediately. The challenge was that this didn't
actually solve the problem. Since we're just a proxy, not the host, us
terminating the customer doesn't make the harmful content disappear.
Terminating the site effectively just kicked the problem further down the
road, moving it off our network and onto someone else's.*

>From that paragraph, what I understand it as is that Cloudflare doesn't
want to terminate customers hosting illegal content / facilitating illegal
activities because if they do, that content will just move elsewhere. It
was an interesting parallel to one of the problems plaguing the internet
today - source address spoofing. More and more hosts are implementing
source address verification, but unfortunately there are still those that
still allow source address spoofing (and those hosts are sometimes used to
launch amplified DDoS attacks). However, reputable hosts don't make the
argument "We won't disallow source address spoofing because if we block it,
the customers will just go elsewhere". Reputable providers block it, and
try to get others to block the problem as well. The difference is that
Cloudflare is lax "because other people are lax, so it's pointless for us
to be strict".

That kind of logic is the same flawed logic that goes with "I shouldn't
vote, because no matter which way I vote my vote is insignificant". Sure,
as a single entity that's true - but if everybody thought that, we'd be in
a real pickle. Some problems are larger than what an individual faces, and
must be addressed by not just a single entity, but all the entities to whom
this problem affects - it is your responsibility to vote, a hosts
responsibility to disable source address verification (and help fight crime
on their network), and I'd argue it's Cloudflare's responsibility to help
stop abuse.

Just my 2C

On Tue, Jul 26, 2016 at 11:02 PM, Paras Jha <paras at protrafsolutions.com>
wrote:

> Justin,
>
> The only problem with that statement is that it's not true: if you did
> terminate service to them, the websites would go away. Maybe not today, but
> eventually. "Network stresser" owners are notorious for trying to take out
> the competition. Cloudflare provides free protection for these services to
> stay online. Most other ISPs wouldn't tolerate such shenanigans, whether it
> be for facilitating illegal activities or being on the receiving end of
> DDoS attacks, and would kick them off.
>
> On Tue, Jul 26, 2016 at 10:58 PM, Justin Paine <justin at cloudflare.com>
> wrote:
>
>> Folks,
>>
>> "For a long time their abuse@ alias was (literally) routed to /dev/null.
>> I'm not
>> sure whether that's still the case or whether they now ignore reports
>> manually."
>>
>> @Steve   It (literally) never was. :) The team I manage processes
>> reports all day
>> long. If you have a report to file certainly do so,
>> https://www.cloudflare.com/abuse
>>
>>
>> On the topic of booters:
>>
>> Short version -- As someone already mentioned, CloudFlare continues
>> not to be a hosting provider.
>>
>> Our CEO has broadly covered this topic several times.
>> https://blog.cloudflare.com/thoughts-on-abuse/
>>
>> Even if we removed our service the website does not go away, it
>> doesn't solve the problem if we temporarily stop providing DNS to the
>> domain(s). An often overlooked but extremely important note: there are
>> some situations where law
>> enforcement has required that we *not* terminate service to certain
>> websites. In those situations we are of course not allowed to discuss
>> specifics.
>>
>> ____________
>> Justin Paine
>> Head of Trust & Safety
>> CloudFlare Inc.
>> PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D
>>
>>
>> On Tue, Jul 26, 2016 at 7:42 PM, Paras Jha <paras at protrafsolutions.com>
>> wrote:
>> > A five minute Google search revealed this, which is just the tip of the
>> > iceberg
>> >
>> > booter.xyz
>> > exitus.to
>> > zstress.net
>> > critical-boot.com
>> > instress.club
>> > webstresser.co
>> > anonymousstresser.com
>> > rawdos.com
>> > kronosbooter.com
>> > alphastress.com
>> > synergy.so
>> > str3ssed.me
>> > layer7.pw
>> >
>> > There are probably hundreds
>> >
>> >
>> >
>> > On Tue, Jul 26, 2016 at 10:33 PM, Paras Jha <paras at protrafsolutions.com
>> >
>> > wrote:
>> >
>> >> This is quite common, almost all of the DDoS-for-hire services are
>> hosted
>> >> behind CloudFlare, and a great majority of them take PayPal. Another
>> one
>> >> had even managed to secure an EV SSL cert.
>> >>
>> >> On Tue, Jul 26, 2016 at 10:24 PM, Dovid Bender <dovid at telecurve.com>
>> >> wrote:
>> >>
>> >>> I used to have a boss that was convinced that MCafee was writing
>> viruses
>> >>> to stay in business....
>> >>>
>> >>> Regards,
>> >>>
>> >>> Dovid
>> >>>
>> >>> -----Original Message-----
>> >>> From: Phil Rosenthal <pr at isprime.com>
>> >>> Sender: "NANOG" <nanog-bounces at nanog.org>Date: Tue, 26 Jul 2016
>> 22:17:53
>> >>> To: jim deleskie<deleskie at gmail.com>
>> >>> Cc: NANOG list<nanog at nanog.org>
>> >>> Subject: Re: cloudflare hosting a ddos service?
>> >>>
>> >>> Plus, it’s good for business!
>> >>>
>> >>> -Phil
>> >>>
>> >>> > On Jul 26, 2016, at 10:14 PM, jim deleskie <deleskie at gmail.com>
>> wrote:
>> >>> >
>> >>> > sigh...
>> >>> >
>> >>> > On Tue, Jul 26, 2016 at 10:55 PM, Patrick W. Gilmore <
>> patrick at ianai.net
>> >>> >
>> >>> > wrote:
>> >>> >
>> >>> >> CloudFlare will claim they are not hosting the problem. They are
>> just
>> >>> >> hosting the web page that lets you pay for or points at or
>> otherwise
>> >>> >> directs you to the problem.
>> >>> >>
>> >>> >> The actual source of packets is some other IP address. Therefore,
>> they
>> >>> can
>> >>> >> keep hosting the web page. It is not sending the actual
>> >>> >> [spam|DDoS|hack|etc.], right? So stop asking them to do something
>> >>> about it!
>> >>> >>
>> >>> >> Whether you think that is the proper way to provide service on the
>> >>> >> Internet is left as an exercise to the reader.
>> >>> >>
>> >>> >> --
>> >>> >> TTFN,
>> >>> >> patrick
>> >>> >>
>> >>> >>> On Jul 26, 2016, at 9:49 PM, Mike <mike-nanog at tiedyenetworks.com>
>> >>> wrote:
>> >>> >>>
>> >>> >>> Hi,
>> >>> >>>
>> >>> >>>   So vbooter.org's dns and web is hosted by cloudflare?
>> >>> >>>
>> >>> >>> "Using vBooter you can take down home internet connections,
>> websites
>> >>> and
>> >>> >> game servers such us Minecraft, XBOX Live, PSN and many more."
>> >>> >>>
>> >>> >>>   dig -t ns vbooter.org
>> >>> >>>
>> >>> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t ns vbooter.org
>> >>> >>> ;; global options: +cmd
>> >>> >>> ;; Got answer:
>> >>> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62177
>> >>> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0,
>> ADDITIONAL: 1
>> >>> >>>
>> >>> >>> ;; OPT PSEUDOSECTION:
>> >>> >>> ; EDNS: version: 0, flags:; udp: 512
>> >>> >>> ;; QUESTION SECTION:
>> >>> >>> ;vbooter.org.            IN    NS
>> >>> >>>
>> >>> >>> ;; ANSWER SECTION:
>> >>> >>> vbooter.org.        21599    IN    NS    rick.ns.cloudflare.com.
>> >>> >>> vbooter.org.        21599    IN    NS    amy.ns.cloudflare.com.
>> >>> >>>
>> >>> >>> dig -t a www.vbooter.org
>> >>> >>>
>> >>> >>> ; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t a www.vbooter.org
>> >>> >>> ;; global options: +cmd
>> >>> >>> ;; Got answer:
>> >>> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
>> >>> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0,
>> ADDITIONAL: 1
>> >>> >>>
>> >>> >>> ;; OPT PSEUDOSECTION:
>> >>> >>> ; EDNS: version: 0, flags:; udp: 512
>> >>> >>> ;; QUESTION SECTION:
>> >>> >>> ;www.vbooter.org.        IN    A
>> >>> >>>
>> >>> >>> ;; ANSWER SECTION:
>> >>> >>> www.vbooter.org.    299    IN    CNAME    vbooter.org.
>> >>> >>> vbooter.org.        299    IN    A    104.28.13.7
>> >>> >>> vbooter.org.        299    IN    A    104.28.12.7
>> >>> >>>
>> >>> >>>
>> >>> >>>   Can anyone from cloudflare answer me why this fits with your
>> >>> business
>> >>> >> model?
>> >>> >>>
>> >>> >>> Mike-
>> >>> >>
>> >>> >>
>> >>>
>> >>>
>> >>
>> >>
>> >> --
>> >> Regards,
>> >> Paras
>> >>
>> >> President
>> >> ProTraf Solutions, LLC
>> >> Enterprise DDoS Mitigation
>> >>
>> >
>> >
>> >
>> > --
>> > Regards,
>> > Paras
>> >
>> > President
>> > ProTraf Solutions, LLC
>> > Enterprise DDoS Mitigation
>>
>
>
>
> --
> Regards,
> Paras
>
> President
> ProTraf Solutions, LLC
> Enterprise DDoS Mitigation
>



-- 
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation

• Previous message (by thread): cloudflare hosting a ddos service?
• Next message (by thread): cloudflare hosting a ddos service?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]