We have come full circle since the attack against CloudFlare, and have a clearer picture of the 400Gbps DDoS attack, that occurred on February 10, 2014 in France. Fortunately, we have a reputable third party, Arbor Networks, confirming the attack took place, peaking at 325Gbps. In addition, French hosting company OVH.com, confirmed the attack was well above 350Gbps, and the offending IP’s traced back to their network.
One of the intended targets of the attack was security blogger Brian Krebs, who is apparently using CloudFlare. According to his blog, the attack on his website krebsonsecurity.com, measured at 200Gbps. Brian Krebs has a bulls eye on his back, and is hacker enemy #1. First thing that comes to mind, why doesn’t Akamai cut a deal with Brian Krebs, and get his website on the Intelligent Platform.
More than anything else, Krebs brings recognition and bragging rights to whoever is protecting him. “Krebs on Akamai”, would be a cool tagline, that would definitely make the attackers think twice before launching a futile attack that is likely to go nowhere. I don’t want to put Akamai on a pedestal, especially now that their market cap is a big $10B, but Akamai (Prolexic) is the #1 company best suited to fend off large DDoS attacks.
DDoS, the Bandwidth Hog
The 400Gbps DDoS attack is a whole lot of traffic, even for a CDN. What happens when DDoS attacks starts reaching 1Tbps? That leads to the question, does CloudFlare have enough bandwidth capacity to withstand a much bigger attack like 700Gbps?
One thing is certain, CloudFlare needs to dip its hands into the $50M piggy bank, and buy hundreds of Gbps of bandwidth from the likes of Level 3. If I were to take an educated guess, CloudFlare is pushing 750Gbps of bandwidth at any given moment. Since CloudFlare doesn’t stream video, or deliver VOD on a massive scale, they will be challenged to buy bandwidth at the lower pricing tiers that the Tier 1 CDNs enjoy; when buying bandwidth, economies of scale impacts the Mbps price.
To conclude, here is an interesting tidbit of information; it seems that a lot of the DDoS attacks are being launched by the same individuals that offer DDoS-for-hire services. These individuals are known as booters, and these booters are renting services from CloudFlare, to launch attacks against CloudFlare customers, according to Brian Krebs.
Of course, Prince (CEO) of CloudFlare, doesn’t agree with Krebs. Krebs is a very detailed oriented guy that doesn’t state facts without proof. If there is any shred of proof to this DDoS for-hire-services fiasco, CloudFlare brings new meaning to the phrases “stepping on your own toes” and “having your cake and eating it too”.