Cloudflare DDoS Protection Service Downed By Anonymous Sudan.
On Thu Nov 09 20:40:37 UTC 2023, Cloudflares own website was hit by a DDoS attack claimed by Anonymous Sudan, using the "Stresser service" Skynet/Godzilla that recently incorporated support for Layer 7 (L7) DDoS attacks, specifically targeting the application layer.
Layer 7 DDoS attacks, inundate services with enormous volumes of requests, causing them to become unresponsive due to the inability to process such a high load.
Unlike reflection-based volumetric DNS amplification network layer attacks, that concentrate on bandwidth usage, layer 7 DDoS attacks put a great deal of stress on the targets’ servers and networks.
The owner sells his stresser service for:
- 100$ ↠↠ Access For One Day.
- 600$ ↠↠ Access For One Week.
- 1700$ ↠↠ Access For One Month.
Contact: @WilfordCEO via Telegram
Anonymous Sudan also posted:
"We have a Vulnerability/Exploit to bypass CloudFlare protection. Through it, you can take down any website using CloudFlare with very little power, as low as 10k requests per second can completely bring down the website.
For purchase: 5,000 USD"
The company Cloudflare are hosting their main site on a separate infrastructure, so the attack which lasted for less than an hour didn't cause any problems for any of its customers.
Cloudflare allows for their paid customers to create notifications that warn them when their sites are under a DDoS attack.
The company has always offered DDoS protection, but in 2020 they introduced a new feature for paying customers. Site monitoring for site owners and alerts via e-mail if your website is under active attack.
Cloudflare offers the following e-mail alerts !
- WAF/CDN: HTTP DDoS Alerts
- L3/L4 DDos Alerts
Through their network they serve over 64 million HTTP requests per second at peak and about 2.3 billion DNS queries every day. On average, they mitigate 140 billion cyber threats each day.