[hughesey]

You can also potentially view the historical DNS A records for the domain to view the pre-Cloudflare IP at http://viewdns.info/iphistory/.

[tyingq]

If you're determimed, though, you just null route, or block, etc, everything other than Cloudflare inbound.

[pheldagryph]

For many, many DDoS scenarios this does not work. The spurious packets may saturate an upstream ISP, causing that ISP to unilaterally apply a null route or block for all packets for the targeted origin IP. No CloudFlare packets would arrive at all.

If one is concerned about DDoS, one should work with their ISPs on the plan of action for various scenarios. Finding out their procedures when ones' hair is on fire is not fun.

[topranks]

Well you're behind CloudFlare.

Just change your IP address, and tell CloudFlare the new one.

Sure the DDOSers could find your new IP, but it's not like changing your public DNS, it would be difficult for them to find it.

I don't think your SSL certs would show the new IP on the website in the blogpost very quickly if you changed IP.

[pheldagryph]

It's not so much about changing the IP address, but moving the targeted system out from behind the clogged tube. Changing IP address may or may not do that.

[bdibs]

It’s easier than you might think, I used to blackhole anything non-Cloudflare and they offer a list of their IP’s:

https://www.cloudflare.com/ips/