TechPulseTechPulse
Back to News
Advertisement
Advertisement

⚡ Community Insights

Discussion Sentiment

50% Positive

Analyzed from 425 words in the discussion.

Trending Topics

#cloudflare#ddos#post#attackers#don#aws#site#using#protection#involvement

Discussion (18 Comments)Read Original on HackerNews

x86hacker101038 minutes ago
This is the dumbest post I’ve read. The attackers have a site seemingly hosted by/orange clouded by Cloudflare. They aren’t providing botnet or DDOS capabilities. Cloudflare tries to act as a third party that follows the law when the law gets involved. They don’t want to actively police the internet in the same way they don’t actively abolish piracy (see Anna’s Archive). There are exceptions to this of course, but on average I don’t find it necessary for Cloudflare to knock down the site of the attackers because they sell illegal services. Isn’t this what HN bitches about anyways, CF being a centralised authority? Now you’re bitching that it’s not using its centralisation powers?
9753268996433about 1 hour ago
Because their entire racket is providing MITM and DDoS as a service.
HotGarbageabout 3 hours ago
So Cloudflare can sell DDoS protection to Canonical.
gruezabout 3 hours ago
They can't use the half-dozen other enterprise DDoS protection vendors out there?
zamadatixabout 3 hours ago
The post seems skip explanation of what Cloudflare's involvement is?
naikrovekabout 2 hours ago
read it.

cloudflare hosts the attackers.

zamadatixabout 1 hour ago
Sorry if I wasn't clear, when reading Taggart's post and subsequent chained comments and didn't see any explanation of what Cloudflare's involvement was.

Am I missing something on how to see more of the original post perhaps? As a sanity check I did a ctrl+f on "hosts" on the page and didn't get a match but I suppose that wouldn't help if I'm not in the right place to see the rest of the content.

gruezabout 2 hours ago
>cloudflare hosts the attackers.

No, they provide DDoS protection, but the actual servers are likely hosted on some random VPS somewhere.

zamadatixabout 1 hour ago
When I do a lookup on beamed.st I get an IP in 2606:4700::/32 which is currently advertised from AS13335 "Cloudflare, Inc."

Edit: I now realize gruez meant the beamed.st site itself is behind Cloudflare DDoS, completing the loop to explaining what Cloudflare's involvement was :).

fragmedeabout 3 hours ago
and white supremacists, but not sex workers?
gitowiecabout 2 hours ago
Lol
mike_dabout 3 hours ago
Remember that Cloudflare does a MITM on every connection to every website they front.

CF not only protects them... they have real time intelligence on who is getting attacked, who is paying for it, and all the parameters of the attack (type, volume, duration, etc).

What would your sales team give for leads this hot?

gruezabout 3 hours ago
>they have real time intelligence on [...] who is paying for it,

This is credible as "amazon has real time intelligence on all their e-commerce competitors because they operate AWS".

jsiepkesabout 2 hours ago
It would be way more complex for AWS to look at data in VM's then for cloudflare to look at unencrypted HTTP traffic. Heck they probably already do for various monitoring.
gruezabout 1 hour ago
>It would be way more complex for AWS to look at data in VM's then for cloudflare to look at unencrypted HTTP traffic.

Most enterprises aren't using AWS as a VPS provider. They're going to be using other products like API gateway, ELB, or WAF, all of which expose traffic for easy analysis. Even if for whatever reason they are, the pareto principle applies. They don't need to care about the long tail of e-commerece vendors out there, only the whales. For that, they can just get an intern (or nowadays, LLM) to dump out the disk and manually dissect whatever's on there.

stevenallyabout 2 hours ago
It's true though, isn't it.... The question is do they use it?