DDoS mitigation and traffic optimization systems today are quite complex. Sometimes they may see false positives and cause significant disturbance to service reliability. #cybersecurity #ddos https://lnkd.in/dfgmrsUr
Predrag K.’s Post
More Relevant Posts
-
Cloudflare Details 1.1.1.1 Service Outage Incident: On June 27, 2024, Cloudflare experienced a disruption of its 1.1.1.1 DNS resolver service. This several-hour incident was caused by a combination of BGP (Border Gateway Protocol) hijacking and a route leak. The event led to a noticeable impact on users globally, with some unable to reach the service and others experiencing high latency. Incident […] The post Cloudflare Details 1.1.1.1 Service Outage Incident appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
Cloudflare Details 1.1.1.1 Service Outage Incident
https://gbhackers.com
-
Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds. The web infrastructure and security company said it fended off "over one hundred hyper-volumetric L3/4 DDoS attacks throughout last month, with many exceeding 2 billion packets per second (Bpps) and 3 terabits per second (Tbps)." The hyper-volumetric L3/4 DDoS attacks have been ongoing since early September 2024, it noted, adding they targeted multiple customers in the financial services, Internet, and telecommunication industries. The activity has not been attributed to any specific threat actor. The previous record for the largest volumetric DDoS attack hit a peak throughput of 3.47 Tbps in November 2021, targeting an unnamed Microsoft Azure customer in Asia. Cybersecurity
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
thehackernews.com
-
According to Matthew Prince, the company’s CEO, the attack peaked at 3.8 terabits per second (#Tbps) and 2.14 billion packets per second (Pps). The attack was aimed at an unidentified customer of an unnamed #hosting provider that uses Cloudflare services. To put the numbers into context, the previous volumetric #DDoS record was set in late 2021, when Microsoft saw an attack that peaked at 3.47 Tbps and a packet rate of 340 million Pps. The biggest attack previously seen by Cloudflare peaked at 2.6 Tbps. In terms of just network protocol attacks, cloud provider OVHcloud in July 2024 reported seeing a record-breaking attack peaking at 840 million Pps. In terms of application layer DDoS attacks, HTTP/2 Rapid Reset holds the record, with the method being used to launch an attack that peaked at 398 million requests per second (Rps), according to Google’s measurements. The record previously stood at 71 million Rps. Cloudflare and Amazon Web Services (AWS) also saw HTTP/2 Rapid Reset attacks roughly at the same time as Google, but the ones they observed peaked at only 201 million Rps and 155 million Rps, respectively. #network #cybersecurity #networklimits
Record-Breaking DDoS Attack Peaked at 3.8 Tbps, 2.14 Billion Pps
securityweek.com
-
This is a fantastic article by John Althouse. It does a deep dive on new security research into TCP Fingerprinting - JA4T. This builds tremendously on the previous research into TLS fingerprinting, JA4, which you now see being implemented in WAF solutions, such as AWS WAF. Fingerprinting TCP allows you to gain visibility into what devices are being used, whether the traffic is proxied, or even what cellular provider the device is on. This will enable firewalls to build more robust logic to protect against TLS as well as non-TLS traffic. https://lnkd.in/ehtSxP8d
JA4T: TCP Fingerprinting
medium.com
-
In November 2021, we saw the #3Tbps #DDoS volume barrier broken with a 3.47 Tbps attack. That stood still until last week when a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 Tbps (terabits per second) and lasted 65 seconds was reported by Cloudflare. Earlier this year, I posted about a new DDoS botnet being in the wild and that DDoS records are expected to be seen. Cloudflare isn't the only company seeing these massive attacks: Path Network, Inc reported a series of attacks peaking at 2.8Tbps, OVHcloud said it recently mitigated a record-breaking DDoS attack that reached #840million packets per second (Mpps), Akamai Technologies reported 1.3 Tbps, not so big compared with the others but still the third-largest volumetric DDoS attack recorded on their platform in the past four years. Other providers have faced similar threats recently. A common link between these events? A significant portion of the attack traffic appears to be coming from compromised #MikroTik devices with poor security. It seems like the organization behind this botnet is either stress-testing its capabilities against major DDoS mitigation providers or, more likely, selling it as a service already. Either way, it’s clear that the DDoS threat landscape is evolving rapidly. Stay vigilant, and ensure your network is prepared for these escalating threats. #networksecurity #cybercriminals #DDoSmitigation
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors
thehackernews.com
-
I recently learned that the government is finally looking to enhance BGP security, which is great news! BGP is critical for routing data on the internet. Inherently, it has been vulnerable for a while for technical reasons and because it is so ubiquitous. It's good to see it finally getting the attention it deserves. I would step out there and say that BGP, DNS, and internet exchanges should be top security priorities. If the underlying infrastructure doesn't function properly, everything built on top of it is at risk. It's like a house with no foundation. #Cybersecurity #BGP #Infrastructure #CriticalInfrastructure #DNS
White House Unveils Road Map to Fix BGP
darkreading.com
-
Both proxies and VPNs (Virtual Private Networks) are tools used to enhance privacy, security, and access to content on the internet, but they work differently and serve slightly different purposes. Here's a detailed comparison:

Proxy

A proxy server acts as an intermediary between your device and the internet. When you connect to a proxy, your internet traffic is routed through the proxy server before reaching its destination.

Proxy features:
IP Address Masking: A proxy can hide your IP address by substituting it with the IP address of the proxy server.
Content Filtering: Proxies can be used to bypass geo-restrictions and access blocked content.
Speed: Proxies generally have less overhead and can be faster than VPNs because they don't encrypt all your traffic.

VPN

A VPN creates a secure, encrypted tunnel between your device and the VPN server. All your internet traffic is routed through this tunnel, making it much harder for anyone to intercept or monitor your data.

VPN features:
Encryption: VPNs encrypt all your internet traffic, providing a high level of security and privacy.
IP Address Masking: Similar to proxies, VPNs hide your real IP address and replace it with the IP address of the VPN server.
Comprehensive Protection: VPNs protect all traffic from your device, regardless of the application or protocol.
-
The White House has recently introduced a comprehensive plan to address security vulnerabilities within the Border Gateway Protocol (BGP). The plan, laid out by the Office of the National Cyber Director, emphasizes the critical need for network operators and service providers to implement measures that can protect BGP from potential abuse and configuration errors. This roadmap aims to enhance the overall security posture of the internet by providing actionable steps to mitigate risks associated with BGP manipulation and exploitation. By following the guidance outlined in the plan, organizations can effectively enhance the resilience and integrity of their networks against BGP-related threats. This strategic initiative underscores the importance of maintaining a secure and stable internet infrastructure in the face of evolving cyber threats. For more detailed information, please refer to the article:
White House Unveils Roadmap to Fix BGP
darkreading.com
-
The Great Security Protocol That Has Just Not Happened: Meet DNSSEC

And, so we have flaws in our Internet protocols that need to be fixed. But is “just enough” security enough for something that provides the core service that runs the Internet: DNS (Domain Name Service)? One of the greatest threats is DNS cache poisoning, where a malicious host can seed an incorrect domain name for the rest of the network. DNSSEC overcomes this by having a protected zone in which all the responses are digitally signed. DNS resolvers can then check that the DNS information has been signed by one of the trusted hosts.

For IPv4, we have run out of IP addresses and need to move to IPv6. But will the industry move at scale? The answer is generally “No”, as companies often do not want to disrupt their existing IPv4 networks. Basically, NAT (Network Address Translation) has solved this problem, and where there are over 30 billion devices connected to the Internet, but only use around three billion addresses.

And, as with IPv6, the DNSSEC protocol has never really taken off. Why? Well, the SSL/TLS protocol provides some degree of security, as we can use PKI (Public Key Infrastructure) to authenticate the name servers that we connect to. With DNSSEC, we can digitally sign the records, and thus provide integrated trust for our lookups. Read more about DNSSEC:
The Great Security Protocol That Have Just Happened: Meet DNSSEC
medium.com