nanog mailing list archives

Re: cloudflare hosting a ddos service?


From: Paras Jha <paras () protrafsolutions com>
Date: Tue, 26 Jul 2016 23:02:02 -0400

Justin,

The only problem with that statement is that it's not true: if you did
terminate service to them, the websites would go away. Maybe not today, but
eventually. "Network stresser" owners are notorious for trying to take out
the competition. Cloudflare provides free protection for these services to
stay online. Most other ISPs wouldn't tolerate such shenanigans, whether it
be for facilitating illegal activities or being on the receiving end of
DDoS attacks, and would kick them off.

On Tue, Jul 26, 2016 at 10:58 PM, Justin Paine <justin () cloudflare com>
wrote:

Folks,

"For a long time their abuse@ alias was (literally) routed to /dev/null.
I'm not sure whether that's still the case or whether they now ignore
reports manually."

@Steve It (literally) never was. :) The team I manage processes reports
all day long. If you have a report to file certainly do so,
https://www.cloudflare.com/abuse


On the topic of booters:

Short version -- As someone already mentioned, CloudFlare continues
not to be a hosting provider.

Our CEO has broadly covered this topic several times.
https://blog.cloudflare.com/thoughts-on-abuse/

Even if we removed our service the website does not go away, it
doesn't solve the problem if we temporarily stop providing DNS to the
domain(s). An often overlooked but extremely important note: there are
some situations where law enforcement has required that we *not*
terminate service to certain websites. In those situations we are of
course not allowed to discuss specifics.

____________
Justin Paine
Head of Trust & Safety
CloudFlare Inc.
PGP: BBAA 6BCE 3305 7FD6 6452 7115 57B6 0114 DE0B 314D


On Tue, Jul 26, 2016 at 7:42 PM, Paras Jha <paras () protrafsolutions com>
wrote:
A five minute Google search revealed this, which is just the tip of
the iceberg


There are probably hundreds



On Tue, Jul 26, 2016 at 10:33 PM, Paras Jha <paras () protrafsolutions com>
wrote:

This is quite common, almost all of the DDoS-for-hire services are
hosted behind CloudFlare, and a great majority of them take PayPal.
Another one had even managed to secure an EV SSL cert.

On Tue, Jul 26, 2016 at 10:24 PM, Dovid Bender <dovid () telecurve com>
wrote:

I used to have a boss that was convinced that McAfee was writing
viruses to stay in business....

Regards,

Dovid

-----Original Message-----
From: Phil Rosenthal <pr () isprime com>
Sender: "NANOG" <nanog-bounces () nanog org>
Date: Tue, 26 Jul 2016 22:17:53
To: jim deleskie<deleskie () gmail com>
Cc: NANOG list<nanog () nanog org>
Subject: Re: cloudflare hosting a ddos service?

Plus, it’s good for business!

-Phil

On Jul 26, 2016, at 10:14 PM, jim deleskie <deleskie () gmail com>
wrote:

sigh...

On Tue, Jul 26, 2016 at 10:55 PM, Patrick W. Gilmore <patrick () ianai net>
wrote:

CloudFlare will claim they are not hosting the problem. They are just
hosting the web page that lets you pay for or points at or otherwise
directs you to the problem.

The actual source of packets is some other IP address. Therefore, they
can keep hosting the web page. It is not sending the actual
[spam|DDoS|hack|etc.], right? So stop asking them to do something
about it!

Whether you think that is the proper way to provide service on the
Internet is left as an exercise to the reader.

--
TTFN,
patrick

On Jul 26, 2016, at 9:49 PM, Mike <mike-nanog () tiedyenetworks com>
wrote:

Hi,

  So vbooter.org's dns and web is hosted by cloudflare?

"Using vBooter you can take down home internet connections,
websites and game servers such us Minecraft, XBOX Live, PSN and many more."

  dig -t ns vbooter.org

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t ns vbooter.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62177
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vbooter.org.            IN    NS

;; ANSWER SECTION:
vbooter.org.        21599    IN    NS    rick.ns.cloudflare.com.
vbooter.org.        21599    IN    NS    amy.ns.cloudflare.com.

dig -t a www.vbooter.org

; <<>> DiG 9.9.5-3ubuntu0.8-Ubuntu <<>> -t a www.vbooter.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34920
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.vbooter.org.        IN    A

;; ANSWER SECTION:
www.vbooter.org.    299    IN    CNAME    vbooter.org.
vbooter.org.        299    IN    A    104.28.13.7
vbooter.org.        299    IN    A    104.28.12.7


  Can anyone from cloudflare answer me why this fits with your business
model?

Mike-






--
Regards,
Paras

President
ProTraf Solutions, LLC
Enterprise DDoS Mitigation





