Home / Companies / Cloudflare / Blog / February 2014

February 2014 Summaries

7 posts from Cloudflare

Filter
Month: Year:
Post Summaries Back to Blog
CloudFlare has adopted Cap'n Proto, a new serialization protocol, for its data centers worldwide due to its high performance compared to other serialization projects like JSON and Protocol Buffers. The company developed lua-capnproto, an open source Lua module for Cap'n Proto, as there was no existing one. This module provides fast data serialization and a simple API. It has been successfully implemented in production at CloudFlare. The author of the article also shared how to use lua-capnproto for serialization and deserialization, along with performance benchmarks comparing it to lua-cjson.
Feb 28, 2014 1,198 words in the original blog post.
On February 27, 2014, CloudFlare published its first complete Transparency Report on governmental requests, coinciding with TrustyCon. The report details the number of subpoenas, court orders, search warrants, pen register/trap and trace (PRTT) orders, and national security orders received by CloudFlare in 2013, as well as how many domains and accounts were affected by their response to these requests. The report does not include non-governmental requests. In total, the governmental requests affected less than 0.017% of CloudFlare's more than 2 million customer domains. As a global network provider, CloudFlare is committed to protecting its customers' information and privacy, and updates this report on a semiannual basis at Transparency Report.
Feb 27, 2014 228 words in the original blog post.
On February 24, 2014, Matthew Prince announced that Cloudflare had acquired anti-malware firm StopTheHacker to enhance its network security and ensure it is not used for malware distribution. The partnership aimed at providing better protection against existing infections when websites first sign up with Cloudflare. Since StopTheHacker's malware scanning service was already available through the Cloudflare Apps Marketplace, this acquisition would strengthen their collaboration and improve customer experience. The integration of both services would enable immediate remediation of malware and vulnerabilities, providing instant patching services to clean up infections and eliminate vulnerabilities without waiting for code changes.
Feb 24, 2014 502 words in the original blog post.
On February 10th, CloudFlare experienced a massive DDoS attack with nearly 400Gbps of NTP attack traffic hitting their network. They were not the only ones affected; OVH reported a similar-sized attack around the same time. After the attack, they published a list of networks involved in hopes that they would fix the problem. The results have been encouraging: more than 75% of the vulnerable servers are now no longer vulnerable after just over a week and a half. Network administrators worldwide have taken notice and are closing down vulnerable NTP servers to prevent future attacks.
Feb 23, 2014 390 words in the original blog post.
In June 2012, CloudFlare started a beta rollout of Google's SPDY protocol, which was designed to speed up web sites. Since then, the company has been closely monitoring the evolution of SPDY and its newer version QUIC. In August 2012, they rolled out SPDY for all their customers as a one-click configuration option. As of last week, CloudFlare has started using the latest version of SPDY, 3.1, which is supported by Google Chrome and Mozilla Firefox. The key advantage of SPDY is its ability to multiplex many HTTP request streams onto a single TCP connection. In addition, they have also started experimenting with QUIC, a protocol that uses UDP as its underlying transport. CloudFlare plans to make QUIC available for their customers once it moves from experimental to beta status.
Feb 17, 2014 556 words in the original blog post.
Cloudflare introduces Full SSL (Strict) feature to enhance the security of customers' websites by validating the identity of the origin server. This prevents active snooping and modification of traffic on the Internet backbone. The new option is available for all paying customers, offering an additional layer of protection against on-path attacks. Cloudflare also upgraded its open source web server/reverse proxy called nginx to enable origin certificate validation and support SNI (Server Name Identification).
Feb 14, 2014 1,319 words in the original blog post.
On February 13, 2014, Cloudflare mitigated a large-scale NTP amplification DDoS attack that targeted one of its customers and peaked at nearly 400Gbps. This was the largest such attack observed by them using this method. The attack leveraged 4,529 NTP servers running on 1,298 different networks to generate approximately 400Gbps of traffic. NTP amplification attacks exploit Network Time Protocol (NTP) servers that support the MONLIST command and allow source IP address spoofing. The high amplification factor allows a smaller number of NTP servers to generate very large attacks compared to DNS amplification attacks. Cloudflare has not published the full list of NTP servers involved in the attack but is reaching out to network operators to encourage them to restrict access to their NTP servers and disable the MONLIST command. Network administrators are advised to follow BCP38 and prevent source IP address spoofing on their networks, as well as check for open NTP servers that support the MONLIST command.
Feb 13, 2014 1,227 words in the original blog post.