Why is Cloudflare protecting the DDoS'er (beamed.st) attacking Ubuntu servers?(infosec.exchange)

51 pointsby mystraline4 hours ago8 comments

Bender8 minutes ago
How do they know that behind the scenes Cloudflare has not handed over whatever IP and financial information they have on the attackers to the feds? AFAIK such things would not be disclosed until the attackers are locked up and the case is closed assuming such details are ever disclosed at all.
- ShowalkKama4 minutes ago
  because unless they are remarkably stupid they didn't pay with their own credit card. That doesn't mean that the information is necessarily useless but I'd not expect them to kick a door down any time soon.
  (Moreover since cloudflare has a free tier you could use their service while handing over only a single email)
byyll5 minutes ago
Because cloudflare is and always has been a bad actor. They protect all sorts of illegal stuff.
x86hacker1010an hour ago
This is the dumbest post I’ve read. The attackers have a site seemingly hosted by/orange clouded by Cloudflare. They aren’t providing botnet or DDOS capabilities. Cloudflare tries to act as a third party that follows the law when the law gets involved. They don’t want to actively police the internet in the same way they don’t actively abolish piracy (see Anna’s Archive). There are exceptions to this of course, but on average I don’t find it necessary for Cloudflare to knock down the site of the attackers because they sell illegal services. Isn’t this what HN bitches about anyways, CF being a centralised authority? Now you’re bitching that it’s not using its centralisation powers?
- byyll4 minutes ago
  > They don’t want to actively police the internet
  They do and they've done so in the past. They are just more okay with some illegal stuff than others.
9753268996433an hour ago
Because their entire racket is providing MITM and DDoS as a service.
HotGarbage4 hours ago
So Cloudflare can sell DDoS protection to Canonical.
- gruez3 hours ago
  They can't use the half-dozen other enterprise DDoS protection vendors out there?
zamadatix3 hours ago
The post seems skip explanation of what Cloudflare's involvement is?
- naikrovek3 hours ago
  read it.
  cloudflare hosts the attackers.
  - zamadatixan hour ago
    Sorry if I wasn't clear, when reading Taggart's post and subsequent chained comments and didn't see any explanation of what Cloudflare's involvement was.
    Am I missing something on how to see more of the original post perhaps? As a sanity check I did a ctrl+f on "hosts" on the page and didn't get a match but I suppose that wouldn't help if I'm not in the right place to see the rest of the content.
  - gruez3 hours ago
    >cloudflare hosts the attackers.
    No, they provide DDoS protection, but the actual servers are likely hosted on some random VPS somewhere.
    zamadatixan hour ago
    When I do a lookup on beamed.st I get an IP in 2606:4700::/32 which is currently advertised from AS13335 "Cloudflare, Inc."
    Edit: I now realize gruez meant the beamed.st site itself is behind Cloudflare DDoS, completing the loop to explaining what Cloudflare's involvement was :).
    two_handfulsan hour ago
    Yes that looks the same whether they provide DDoS protection or host.
    zamadatixan hour ago
    Ahhh, I completely misread who the DDoS protection was being provided to. Must be a slow day for me :). Thanks!
fragmede3 hours ago
and white supremacists, but not sex workers?
- gitowiec2 hours ago
  Lol
mike_d3 hours ago
Remember that Cloudflare does a MITM on every connection to every website they front.
CF not only protects them... they have real time intelligence on who is getting attacked, who is paying for it, and all the parameters of the attack (type, volume, duration, etc).
What would your sales team give for leads this hot?
- gruez3 hours ago
  >they have real time intelligence on [...] who is paying for it,
  This is credible as "amazon has real time intelligence on all their e-commerce competitors because they operate AWS".
  - jsiepkes2 hours ago
    It would be way more complex for AWS to look at data in VM's then for cloudflare to look at unencrypted HTTP traffic. Heck they probably already do for various monitoring.
    gruezan hour ago
    >It would be way more complex for AWS to look at data in VM's then for cloudflare to look at unencrypted HTTP traffic.
    Most enterprises aren't using AWS as a VPS provider. They're going to be using other products like API gateway, ELB, or WAF, all of which expose traffic for easy analysis. Even if for whatever reason they are, the pareto principle applies. They don't need to care about the long tail of e-commerece vendors out there, only the whales. For that, they can just get an intern (or nowadays, LLM) to dump out the disk and manually dissect whatever's on there.
  - stevenally2 hours ago
    It's true though, isn't it.... The question is do they use it?
- 3 hours ago
  undefined