Cloudflare is a leading provider of web hosting, DNS, and content delivery network (CDN) services. The company manages 101 data centers around the globe and manages 1Tbps of data capacity. It’s no doubt, then, that Cloudflare tends to see problems on the internet as quickly as anyone.
CloudFlare has recently been noticing an increase in distributed denial of service (DDoS) traffic that began on November 23, the day before the U.S. Thanksgiving Day holiday weekend kicked off. According to the Cloudflare blog, the company detected and then defeated the first in a series of attacks. It started at 10:30 a.m. PT and achieved 400Gbps in traffic before it shut down at 7 p.m. PT.
The attacker continued this pattern for the next few days, starting at around the same time, and quitting for the day at around the same time in the early evening. As Cloudflare puts it, it’s as if the attacker is unwilling to work overtime.
The attacks have all peaked at around the same 400Gbps or so in traffic. Cloudflare notes that they do not appear to be using the Mirai botnet that was involved in the massive internet outage that struck on October 21. Cloudflare doesn’t indicate who is responsible for the ongoing DDoS attacks on its infrastructure, or what tools they’re using. It does, however, isolate the attacks as being concentrated on the U.S. West Coast.
So far, the attacks haven’t affected Cloudflare’s customers. More recently, the attacker appears to have moved on from a regular workday schedule to an around-the-clock schedule. One can only hope that this isn’t the precursor to a more devastating attack that might actually impact paying customers.