[coreymgilmore]

Something along the lines of CloudFlare could be an option here. However, if the attacker does indeed know the actual IP of the Bootcamp servers (and Bootcamp allows traffic from IPs other than CF) that point is moot.

Set up CF, only allow traffic from CF.

On another note, having CF monitor an attack like this could help them do more research into mitigating these attacks in general and allow them to try and hunt the attacker. They tend to make things like this public which would benefit everyone.

[devicenull]

I personally wouldn't do any business with cloudflare, while they're still hosting the various booter sites where you can pay to run these attacks.

[grey-area]

If you're going to make accusations like that, you should really back it up with extensive proof.

[devicenull]

http://krebsonsecurity.com/2014/02/the-new-normal-200-400-gb...

> As I noted in a talk I gave last summer with Lance James at the Black Hat security conference in Las Vegas, a funny thing happens when you decide to operate a DDoS-for-hire Web service: Your service becomes the target of attacks from competing DDoS-for-hire services. Hence, a majority of these services have chosen to avail themselves of Cloudflare’s free content distribution service, which generally does a pretty good job of negating this occupational hazard for the proprietors of DDoS services.

http://www.webhostingtalk.com/showthread.php?t=1235995 http://www.webhostingtalk.com/showthread.php?t=1285880 http://www.webhostingtalk.com/showthread.php?t=1182576

I could post more, but why bother?

[jackgavigan]

CloudFlare's CEO, Matthew Prince, has made his stance on this matter very clear:

CloudFlare is firm in our belief that our role is not that of Internet censor. There are tens of thousands of websites currently using CloudFlare's network. Some of them contain information I find troubling. Such is the nature of a free and open network and, as an organization that aims to make the whole Internet faster and safer, such inherently will be our ongoing struggle. While we will respect the laws of the jurisdictions in which we operate, we do not believe it is our decision to determine what content may and may not be published. That is a slippery slope down which we will not tread.

Source: http://blog.cloudflare.com/thoughts-on-abuse

As a result, both the Israeli Defence Forces and Hamas are CloudFlare customers. Unless one of their customers is doing something that is unambiguously illegal (e.g. hosting child pornography), CloudFlare won't cut them off just because they're doing something that some people regard as "bad".

It's a very principled stance and one that I respect.

[devicenull]

Well, do you believe that suppressing someone else's right to free speech is still free speech?

Information isn't really the question here. These aren't sites telling people how to conduct DDOS attacks, these are sites where you pay them, and they run a DDOS for you. This effectively silences someone until they either give up on their message, or sign up for expensive DDOS mitigation packages (or Cloudflare).

You may consider that to be free speech. I don't.

[jackgavigan]

CloudFlare aren't the Free Speech Police. It's clearly not their job to guarantee everyone's right to free speech. However, it would appear that they have decided that they will not deny their customers their right to free speech unless they're breaking the law. I respect that approach.

You clearly don't and you're entitled to your opinion.

[grey-area]

I could post more, but why bother?

The krebs story was interesting thanks, the forum posts less so. I understand why cloudflare are reluctant to start rejecting customers based on content, but surely it's illegal to sell DDOS services? Perhaps they should change their TOS to exclude any sites which sell attack tools/services, because it looks really bad for them to be protecting sites that promote DDOS, which then provides them with repeat business.

Are there still sites up protected by cloudflare which promote this sort of activity?

[PeterisP]

Sell service of running a DDoS for you? Probably illegal.

Selling attack tools, however, is explicitly legal in most places, it's just software just as a port-scanning tool, DeCSS or zero-day vulnerability data.

"Promoting this sort of activity" again is free speech issue, no matter what "that sort" is. For example, there are posts right here in HN that "promote this sort of activity", and it would be ridiculous if having such content is even close to allowing someone to take down a server.

In short, unless the actual site is performing illegal activities (implementing the DDoS or uploading childporn&stuff), I'd say that they're correct in explicitly ignoring whatever else the site is doing.

[grey-area]

Sorry, promote was a poor choice of words, I meant offer illegal services, not just talking about it or promoting it. I believe DDOS is illegal in many jurisdictions, and offering it for money more so. The allegation in the krebs article is:

a great many of today’s DDoS attacks are being launched or coordinated by the same individuals who are running DDoS-for-hire services (a.k.a “booters”) which are hiding behind Cloudflare’s own free cloud protection services.

I don't see Matthew Prince's post quoted above as a satisfactory response to this. This is morally and legally shady because cloudflare directly profit from the continued existence of DDOS, so they should be very careful to offer not a shred of evidence that they currently support people who carry out DDOS IMO, it would just be good business and current customers are going to get restless if they find cloudflare protects DDOS sites knowingly.

They've obviously taken a different stance (based on not wanting to filter customers on content), which I'm sympathetic to, but if the content is illegal and directly benefits them by facilitating more DDOS attacks, that equation changes.

[devicenull]

Yea. They don't really bother to take them down. Their logic is that the attack traffic isn't technically leaving via their network, so it's not their problem. Take a look at whois for the domains in that last forum link. Two of those domains are still pointed at cloudflare nameservers.

I'm sure there's tons more, but why bother compiling a list when nothing will change. If you're curious, a good place to look would be the hackforums 'DDOS as a service' section. I bet a lot of the active ones would go to cloudflare.

[coreymgilmore]

very interesting point. I agree that maybe an updated CF TOS could help quell this issue, but then again I don't think CF is going to dedicate too much time to vet out any potentially bad sites.

[bybjorn]

CloudFlare is hosting booter sites?

[xxdesmus]

CloudFlare does not host any website or it's content actually. They are not a web hosting service.

[devicenull]

Yea, see https://news.ycombinator.com/item?id=7459904