评论已经自动封存，请勿再发言论
声明: 下面的评论属于其发表者所有，不代表本站的观点和立场，我们不负责他们说什么。
&&此评论已被管理员删除。
(得分:0) 日 14时00分 星期三
(得分:0) 日 19时51分 星期三
(得分:0) 日 12时07分 星期四Cloudflare：中国超65万台智能手机被操控发动45亿次的DDoS攻击 | 互联网数据中心-199IT | 中文互联网数据研究资讯中心-199IT
199IT高端交流群现有2100+资深数据用户，最专业的讨论、最有价值的分享。
扫描微信二维码,数据随身查添加微信公共帐号： i199it欢迎关注：欢迎关注：CloudFlare公司遭遇超过400Gbps DDoS攻击 -
| 关注黑客与极客
CloudFlare公司遭遇超过400Gbps DDoS攻击
共158800人围观
，发现 13 个不明物体
还记得的 么？
更令人震精的分析数据来自CloudFlare。CloudFlare在 1月9日的官方博客上对NTP反射放大攻击也进行了分析。NTP反射放大攻击和DNS反射放大攻击有异曲同工之妙，都是基于不需要维护状态的UDP协议。对抗D稍有研究的人都会知道，虽然UDP Flood很简单，但是不是太好防——包括Cookie和CAPTCHA在内的所有客户端验证手段均将失效。CloudFlare提到用MAC终端发出的MON_GETLIST 请求包为234字节，返回包是4460字节（分拆成10个数据包），放大了19倍。
有朋友会说，19倍毛毛雨啦。事实上，CloudFlare测试的NTP服务器并非一台业务繁忙的服务器，4460字节返回的仅是55台主机的IP地址。在上文提到，一台业务繁忙的服务器会返回600台服务器IP。如果真的返回了600个IP，那么返回的数据包将是4460字节的10余倍。经放大后，将超过200倍！
&&&&OMG，200倍！这个数字你应该非常满意了。
事隔不久：
知名网络公司ClouldFlare表示遭到了超过400GbpsNTP反射式的DDoS攻击，并且在欧洲大部分地区平台上运行的服务受到了不同程度的影响，这次DDos攻击甚至使美国的一些基础设施受到了影响。
NTP反射攻击可以将攻击强度放大58.6倍，一个100Mbps的伪造NTP流量能导致攻击目标接收到5.8Gbps的恶意流量。
据微博爆料：
某大家熟悉的不能再熟悉的互联网巨头也遭受了NTP攻击，&不过那个可能不会上新闻
欢迎知情人时继续爆料。
必须您当前尚未登录。
必须（保密）
人在做 天在看
关注我们 分享每日精选文章TCP/IP 完全掌握了么？来看看 CloudFlare 的面试题_教育指南_百度教育攻略
长期以来，我们都会考察面试者一些有关 TCP/IP 协议族的犄角旮旯的问题。例如：IPv4 协议栈和 IPv6 协议栈的校验和算法有什么不同？ 每个工程师都要证明自己对于网络栈的全面理解。本着传统的TCP/IP 酒令的精神，在这里我想和诸位分享我在 CloudFlare 的自动缓解攻击系统工作的这几个月里，遇到的那些有关 TCP/IP 的奇葩问题。精彩内容，尽在百度攻略：CC BY-SA 2.0imagebyDaan Berg如果你不知道正确答案也不用担心，欢迎提出有趣的观点！有些问题的答案是显而易见的，而有些问题却没有直接的答案，而且还可能引起激烈的讨论。列出这些问题的目的是鼓励诸位捡起满是灰尘的 RFC 文档，激发起对网络栈内部工作原理的兴趣以及传播、分享我们如此依赖的协议的知识。精彩内容，尽在百度攻略：如果你想分享某个问题的答案，别忘了添加一条评论。你觉得自己完全了解 TCP/IP 协议族吗？让我们试试看：古老的问题精彩内容，尽在百度攻略：1）TCP 最小的端口号是多少?2）TCP 帧中有一个叫做 URG Pointer 的字段，什么时候会用到该字段？3）RST 包能有荷载么？精彩内容，尽在百度攻略：4）什么时候会用到 IPv6 里的“flow”字段？5）socket中的 IP_FREEBIND 选项有什么用？被遗忘奇葩问题精彩内容，尽在百度攻略：6）PSH 标志实际上有什么用？7）TCP 时间戳和 SYN Cookie 是如何协同工作的？8）“UDP” 包可以把校验和字段设置为0么？精彩内容，尽在百度攻略：9）TCP 的同时开放连接是如何工作的？真的能工作么？碎片处理和拥塞控制10）什么是愚笨窗口综合征（stupid window syndrome）？精彩内容，尽在百度攻略：11）TCP 头里的 CWE 和 ECE 标志有什么用？12）IP 头里的 ID 字段是什么？ID 字段必须和 DF 比特位一起完成什么工作？为什么有些 IP 包的 ID 字段不是零并且设置了 DF？新提议精彩内容，尽在百度攻略：13）SYN 包可以有荷载么？（提示：新RFC提案）14）SYN+ACK 包可以有荷载么？ICMP Path MTU精彩内容，尽在百度攻略：15）ICMP 包太大（packet-too-big ）的消息会由路由器返回，并且荷载里包含了原始包的一部分。Linux 系统中可接受的最小荷载长度是多少？16）当 ICMP包太大（packet-too-big ）的消息被中间路由返回时会包含这个路由的源IP。但在实际操作中，我们经常可以看到 ICMP 消息的源 IP 与原始包的目的 IP 相同。为什么会这样？Linux配置精彩内容，尽在百度攻略：17）Linux 有一个名为 “tcp_no_metrics_save” 的 sysctl 设置。它用于存储什么？存储多久？18）Linux 使用了两个队列来处理到达的 TCP 连接：SYN 队列和接收队列。SYN 队列长度是多少？19）如果 SYN 队列因变得很大而导致溢出，那么会发生什么？精彩内容，尽在百度攻略：路由相关最后：20）BGP bogons 是什么？为什么说它们现在只是个小问题？精彩内容，尽在百度攻略：21）TCP 有一个会添加 MD5 校验和到包中的扩展。该扩展什么时候起作用？22）IPv4 和 IPv6 的校验和算法有什么区别？Our Plans | Cloudflare
Cloudflare Pricing
Everyone’s Internet application can benefit from using Cloudflare.
Pick a plan that fits your needs.
Unmetered Mitigation of DDoS
Global CDN
Shared SSL certificate
3 page rules
We offer a Free plan for small personal websites, blogs, and anyone who wants to evaluate Cloudflare.
Our mission is to build a better Internet. We believe every website should have free access to foundational security and performance. Cloudflare's Free plan has no limit on the amount of bandwidth your visitors use or websites you
If you want to make your site even faster and more resilient, you can easily upgrade to one of our higher tier plans.
per website
Expand to see more
Unmetered Mitigation of DDoS
Global CDN
Shared SSL certificate
Access to account Audit Logs
3 page rules
per website
Expand to see more
Web application firewall (WAF) with Cloudflare rulesets
Image optimizations with Polish™
Mobile optimizations with Mirage™
I'm Under Attack™ mode
Access to account Audit Logs
20 page rules
per website
Expand to see more
Web application firewall (WAF) with 25 custom rulesets
Custom SSL certificate upload
PCI compliance thanks to Modern TLS Only mode and WAF
Bypass Cache on Cookie
Accelerate delivery of dynamic content with Railgun™
Prioritized email support
Access to account Audit Logs
50 page rules
contact us
Expand to see more
24/7/365 enterprise-grade phone, email, and chat support
100% uptime guarantee with 25x reimbursement SLA
Enterprise-grade DDoS protection with network prioritization
Advanced web application firewall (WAF) with unlimited custom rulesets
Multiuser role-based account access
Multiple custom SSL certificate uploads
Access to Raw Logs
Access to account Audit Logs
Dedicated solution and customer success engineers
Access to China CDN data centers (Additional Cost)
100 page rules
For personal websites, blogs, and anyone who wants to explore Cloudflare.
per domain
For professional websites, blogs, and portfolios
requiring basic security and performance.
per domain
For small eCommerce websites and businesses requiring
advanced security and performance, PCI compliance, and prioritized email support.
Contact Us
For companies requiring
enterprise-grade security and performance, prioritized 24/7/365 phone, email, or chat support, and
guaranteed uptime.
Unmetered Mitigation of DDoS
Global CDN
Shared SSL certificate
I'm Under Attack™ mode
Access to Cloudflare Apps
Access to account Audit Logs
3 Page Rules included
Web application firewall (WAF) with Cloudflare rulesets
Image optimizations with Polish™
Mobile optimizations with Mirage™
Access to account Audit Logs
20 Page Rules included
Web application firewall (WAF) with 25 custom rulesets
Custom SSL certificate upload
Bypass Cache on Cookie
PCI compliance thanks to Modern TLS Only mode and WAF
Accelerate delivery of dynamic content with Railgun™
Prioritized email support
Access to account Audit Logs
50 Page Rules included
24/7/365 enterprise-grade phone, email, and chat support
100% uptime guarantee with 25x reimbursement SLA
Enterprise-grade DDoS protection with network prioritization
Advanced web application firewall (WAF) with unlimited custom rulesets
Role-based account access
Multiple custom SSL certificate uploads
Access to Raw Logs
Access to account Audit Logs
Named solution and customer success engineers
Access to China data centers (additional cost)
100 Page Rules included
Get more from Cloudflare
Take your performance and security even further with Cloudflare’s paid add-ons for Free, Pro, and Business plans.
Dedicated SSL Certificate
Dedicated SSL Certificates are automatically generated and propagate throughout our global content delivery network, providing robust encryption, along with lightning fast performance and compatibility.
Additional Page Rules
Page Rules allow you to customize Cloudflare's functionality to match the unique needs of your domain or subdomain, helping to optimize speed, harden security, increase reliability, maximize bandwidth savings, and much more.
for 5 rules
Rate Limiting
Rate Limiting protects against denial-of-service attacks, brute-force password attempts, and other types of abusive behavior targeting the application layer.
per 10k good requests
Load Balancing
Load Balancing safeguards from service disruptions with local and global traffic load balancing, geographic routing, server health checks, and failover, ensuring the continuous availability of your critical resources.
Starting at $5 per month
Argo Smart Routing
Argo's smart routing algorithm uses real world network intelligence to route traffic through the fastest Cloudflare network paths, while maintaining open, secure connections to eliminate latency imposed by connection-setup.
Starting at $5 per month
Cloudflare Apps
Cloudflare Apps is a simple and powerful way for millions of site owners to get access to tools previously only available to technical experts. Site owners can use apps to make their site faster, more powerful, and better able to generate
Free for all plans
Expand all
Enterprise
Smart Routing
$5 First 5 GB are free and $0.10 per GB thereafter
$5 First 5 GB are free and $0.10 per GB thereafter
$5 First 5 GB are free and $0.10 per GB thereafter
Custom Pricing
Tiered Caching
Included with Argo activation
Included with Argo activation
Included with Argo activation
Free for Enterprise customers
Globally load balanced content delivery network (CDN)
Prioritized IP Ranges
Usage Based Pricing
First 500k DNS requests are free.
$.50 per every 500k DNS requests after
First 500k DNS requests are free.
$.50 per every 500k DNS requests after
First 500k DNS requests are free.
$.50 per every 500k DNS requests after
Custom Pricing
Up to 4 origin servers: $10/month.
Up to 6 origin servers: $15/month
Up to 4 origin servers: $10/month.
Up to 6 origin servers: $15/month
Up to 4 origin servers: $10/month.
Up to 6 origin servers: $15/month
Includes 6 - 100+ origin servers
Frequency of Health Checks
Every 30 seconds: $10/month.
Every 15 seconds: $15/month
Every 30 seconds: $10/month.
Every 15 seconds: $15/month
Every 30 seconds: $10/month.
Every 15 seconds: $15/month
Includes health checks every 5 seconds
Number of Health Check Locations
Up to 3 locations: $10/month.
Up to 5 locations: $15/month
Up to 3 locations: $10/month.
Up to 5 locations: $15/month
Up to 3 locations: $10/month.
Up to 5 locations: $15/month
Includes health checks from every Cloudflare data center
Global Load Balancing (Geo-Based Routing)
Enable for $10/month
Enable for $10/month
Enable for $10/month
Included with per-data center control
Automatic static content caching
Cache purge
Minimum edge cache expire TTL
30 minutes
30 seconds or less
Client maximum upload size
Railgun(TM) origin network optimizer
Purge by Cache-Tag
Purge by Host
Custom Cache Keys
Bypass Cache on Cookie only
Tiered Caching (See Argo)
Included with Argo activation
Included with Argo activation
Included with Argo activation
Free for Enterprise customers
Asynchronous Javascript Loading Rocket Loader(TM)
Image optimization with Polish(TM)
Mobile optimization with Mirage(TM)
IPv6 compatibility and gateway
HTTP/2 and SPDY
WebSockets
Page rules
RESTful API
Header Rewrites
Edge Side Code
Accelerated Mobile Links
Enterprise
Unmetered mitigation of volumetric DDoS
Enterprise-grade mitigation of DDoS
Advanced DDoS support
24/7/365 uptime
24/7/365 uptime
Sustained speeds via dedicated IP ranges
Emergency support engineer
Universal SSL/TLS 1.2 & 1.3 Encryption
Dedicated SSL / TLS
$5 for Dedicated SSL Certificate
$10 for Dedicated SSL Certificate with Custom Hostnames
$5 for Dedicated SSL Certificate
$10 for Dedicated SSL Certificate with Custom Hostnames
$5 for Dedicated SSL Certificate
$10 for Dedicated SSL Certificate with Custom Hostnames
Additional Cost
Certificate type
Cloudflare-issued
Cloudflare-issued
Cloudflare-issued or custom
Cloudflare-issued or custom
Opportunistic Encryption
Automatic HTTPS Rewrites
TLS Optimization
Activation time
Up to 24 hours
Browser support
Most modern browsers
All browsers
All browsers
All browsers
Keyless SSL
Additional Cost
Multiple custom SSL certificates
Additional Cost
TLS Client Auth
Additional Cost
SSL / TLS for SaaS Providers
Additional Cost
Web application firewall (WAF) with built-in Cloudflare rule set
OWASP ModSecurity Core Rule Set
Custom WAF rules
Deploy collective intelligence to identify new threats
Reputation-based threat protection
Comment spam protection
Content scraping protection
Block or Challenge Visitors
Block or challenge by IP address or AS number. Challenge by country code.
Block or challenge by IP address or AS number. Challenge by country code.
Block or challenge by IP Address or AS number. Challenge by country code.
Block or challenge by IP address, AS number, or country code.
BGP origin protection
Additional Cost
Role-based access with two-factor authentication
PCI DSS 3.2 Compliance
Rate Limiting Rules
Allowed sampling periods
1 second or 1 minute
1 second or 1 minute
1 second, 1 minute, or 10 minutes
Range of 1 second - 1 hour
Allowed timeout periods
1 minute or 1 hour
1 minute or 1 hour
1 minute, 1 hour, 24 hours
Range of 10 seconds - 24 hours
Live, Simulate
Live, Simulate
Live, Simulate
Control over http/s methods
Origin Response Code
Custom Response Body
HTML via Customize App
HTML, JSON, XML, TXT
HTML, JSON, XML, TXT
Allow Edge Traffic to Count
By action, rule, data center
First 10,000 good requests are free and $0.05 per 10,000 good requests thereafter
First 10,000 good requests are free and $0.05 per 10,000 good requests thereafter
First 10,000 good requests are free and $0.05 per 10,000 good requests thereafter
Contact Us
Enterprise
Global Anycast DNS
Easy DNS management
Wildcard DNS support
Full proxy
Client interface API
Custom Nameservers
China Network Access
Additional Cost
Always Online(TM)
Crawled weekly
Crawled every 3 days
Crawled daily
Crawled daily
Enterprise
Time Range
1 Hour Scope
15 Minute Scope
15 Minute Scope
1 Minute Scope
Bandwidth Saved
Threats Mitigated & Sources
Website Requests
Operational Metrics
Enterprise Log Share
Audit Logs
Historical Data
Up to 6 hours
Up to 24 hours
Up to 7 days
Up to 30 days
Dimension Filter
Response Code Only
Response Code, Data Center
Response Code, Data Center, Query Type, Day of Week
Response Code, Data Center, Query Type, Day of Week, Subdomain, Query Name, TCP, Query Size Bucket, Response Size Bucket
Metric Filter
Query Count Only
Query Count, Response Time Average
Query Count, Response Time Average, Response Time Median, Response Time (90th & 99th Percentile)
Query Count, Response Time Average, Response Time Median, Response Time (90th & 99th Percentile)
Geographic Visualization
Enterprise
24/7/365 Technical Support
Email only support with median response time of 13 hours
Email only support with median response time of 2 hours
Email only support with median response time of 25 minutes
Phone, chat, and email support with median response time of 15 minutes. For critical business issues, Enterprise customers have access to our 24/7/365 emergency phone support hotline
I'm Under Attack(TM) Enterprise support engineer
Named Customer Success Engineer
Named Solutions Engineer
Service Level Agreement
Enterprise Plus Service
Contact Cloudflare for additional details
Get started with our Enterprise plan.
Trusted By
Feel the Cloudflare Love
We've got more love to share on our
- Just discovered
apps, they are awesome!
- If you aren't using
's automatic SSL and HTTPS redirecting, you're likely wasting your own time
- We have now partnered with Cloudflare making all websites hosted with us faster & safer!
- Impressed by Warp
I was up and running as fast as I could copy paste the commands. ;)
to our friends, at
Thank you, for making the Internet a much-better place, for the entire World.
- Have been a customer for a few years and they just keep innovating. Amazing company and service.
- I think I’m a
fanboy. I’m as excited about their product releases as I am about new Apple products.
on all my websites, massive speed boost
- Implementing
was one of the easiest things I've done. Surprising how intuitive the whole thing is. Really well engineered.
- Another massive thanks to
for supporting the
Pwned Passwords, just did the math on how much it saved me - whoa!
- In other news,
just cost me $8.10 in last 30 days. Bargain of the century! Get your (speed) freak on.
- Nothing new, but still amazed how easy it is to set up https with a custom URL on
Pages using
are the best ! Great support today addressing my questions and changes I requested, very quickly with 100% success.
-Becoming a total
fan. What they offer even in their free package is beyond belief.
-Making a safer internet with
169,341 SSL requests served in the last 24 hours!
To provide you with the best possible experience on our website, we may use cookies, as described
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.}