Thread 106543909

How do we take down this evil?

>>106543909 (OP)
by taking down third worlders internet that DDoS websites

>>106543931
You'll never convince me that Cloudflare doesn't hire third worlders to DDoS websites so that everybody will be forced to pay for their protection. Seriously. What motivation would random third worlders have to DDoS your website, other than to get you to pay for a Cloudflare subscription? And desu it's probably connected with various forms of glowniggotry as well. It ensures that the internet stays hyper-centralized and that websites which don't associate with Cloudflare can't stay online. It allows them to MITM all the internet's traffic.

Too big to fail. They control most of the internet. If something had to be done, it should've been done sooner. It's too late.

Figure out a way to protect from DDoS attacks without relying on Cloudflare.

>>106544230
Yes, I would be surprised if that wasn't the case.

>>106543909 (OP)
They're a necessary evil due to even greater evil out there. The evil of the uncivilized world.

>>106543909 (OP)
decentralized http(s) alternative.

>>106543909 (OP)
The internet is dead. We can only get the golden age back if we switch to one of the decentralized peer-to-peer nets

>>106544408
are there any of those that don't suck?

>>106544573
No, and the people using them suck too. That's what you have to choose between: The clean, fancy, fast, santized WWW full of normies and bots, or the shady underground private nets full of artists and schizos. Pick your poison

>>106544623
>artists
autists, of course. Artists are firmly part of the normiesphere and addicted to social media

>>106543909 (OP)
Use their real logo next time

>>106543909 (OP)
Mitigate them and block their IPs at the firewall level. Your posting on a cloudflared site BTW.

You must be autistic as fuck to care about this shit. I'm a sperg and it doesn't bother me at all; click and one fucking second it's gone.

>OH NO I HAD TO WAIT A FUCKING SECOND.

going out on a limb here, of all the evil big tech corpos cloudflare is one of the better ones. I'm sure this is not even their final form, but even their shitty captcha is much better than the google re-captcha of click these gorillion images showing a dragon dildo

>>106544754
Kek

Mesh networks

>>106544634
>>106544754
holy shit

>>106544754
Fucking lmao

>>106543909 (OP)
The only way cloudflare ever dies is for the internet to change in such a way that DDoS-ing is made impossible. In theory possible, practically improbable, an AI revolution is more likely than that ever happening. Maybe one day ISPs will have to add a geolocation protocol to the standard required for internet to work, but the incentives aren't there for ISPs to do that currently.

>>106544230
this
https://www.tastyfish.cz/lrs/antivirus_paradox.html

I know I can't proof the absense of DDoS attacks by Cloudflare, but I see no mention of those supposed attacks in the internal wiki/chats. I see no evidence of malicious operations of any kinds.

To answer the OP question,
>>106544257
this is the answer, duh.

>>106547306
>proof
prove ofc

>>106547306
one does not need proof, just rationale. not a single mega corporation exists today because of its good will to the people. not one single one.

>>106547462
People needed DDoS protection and CDN services even before 2009. It's not about goodwill, it's about serving an existing market better than the competition to get the money.

>>106547513
someone who believes that markets operate purely on supply/demand is not worth engaging with. you believe all the textbook capitalshit about competition breeding innovation, its just too naive to even begin to have a conversation.

>>106547513
No, before 2009 DDoS attacks were nowhere as prevalent as they became after clouflare launched.
And the DDoS protection you had before was some fail2ban scrip that auto-blocks with iptables.

>>106547558
Go on, present you theory.
I've seen people willingly choose to become Cloudflare customers just because they thought it is a good service.

>>106547618
what is good about it?

>>106547565
Yeah, and web hosting was done by FTPing some php files onto a random server, but now the great unseen powers make people use AWS and the like.

>>106547639
Exactly. A php script executed on every request. Super simple to DDoS.
Yet, this wasn't a threat before 2009.

Meanwhile nowadays everybody randomly get DDoSed. Why does some hobby website of a local chapel get DDoSed? Someone has to pay for the DDoS, they aren't free. Who goes: "wow, i really hate this hairdressers website and i need to kill it with a botnet of a million zombies!"
Who profits?

>>106547635
I'm not in the sales department, dunno what the current USP is.

>>106547661
Tell me the domains that were suspiciously DDoSed and I'll check if they are mentioned anywhere internally.

you won't like this, but the only way is to charge money for a connection to a destination webserver. This would likely require a replacement to IPv(4/6).

>>106547661
>>106547639
ask internally why pic related got nuked and wiped from the cloudflare support forum

>>106547679
the corporate damage control shill has arrived. pack it up boys, thread has made its point

The internet is in a state again where you can drop cloudflare without increasing your risk.
AI scrapers made it possible.
Cloudflare lets them pass through (despite claiming the opposite) and they rape you with requests. So you have to build a defense yourself anyway. And if you can deal with AI scrapers, you also can deal with 90% of DDoS attacks and the 10% that are left are only < 15min long.
A 15min downtime once a month in exchange for not using the MitM glowfag company is definitely worth it.

>>106547875
>A 15min downtime once a month in exchange for not using the MitM glowfag company is definitely worth it.
fir 99% of website operators, no it isn't

>>106543909 (OP)
You can't. The best you could do is shill alternatives to enough normies so they become a viable option. Maybe do a pewdipie and make a video talking about it and hope for the best. I recently came across Bunny shield which seems good enough. You're probably already familiar with Anubis or Go-away, which seem to kinda work too (unless you change your user agent to "curl" or something kek). Also whatever the kiwifags use.

>>106547814
Our shills don't pay attention to this cesspool afaik.

>>106547808
>cloudflare support forum
I have no clue how to navigate that forum, if I'll find anything related to your message before the thread dies I'll share the gist of my findings.

>>106547875
a 15 minute downtime once a month will drive away enough customers from your service to destroy your business.
Even a few seconds loading time in a web store decreases sales by 40-50%.

>>106548027
everything is business, customers, services with you corporate scum. i hope you die of slow burning ass cancer.

>>106548027
Increased loading times affect every customer, every time they navigate to a different page.
A 15 minutes outage only affects those customers who were accessing the site at that very specific moment.

Also, who is DDoSing small websites who aren't big enough to justify/afford extra infrastructure like geographically dispersed load balancers?

>>106548027
I hate people like you so goddamn much it's unreal

>>106547808
>>106548020
I see Anubis mentioned in the chat, but I give up, I see nothing related to your post anywhere and I'm not willing to directly ask the support team about a random 4chan user's ramblings. If you are a customer — you already know how to contact support, maybe they will give you some answer if you ask nicely. If you are a big customer — message Matthew directly.

>>106547995
There is already a plenty of viable alternatives, like Akamai.
Also, look at https://european-alternatives.eu/categories

>>106548027
it's still better than showing the cuckflare captcha on every visit, which is stealing much more time from you than 15min a month.

If anything, NOT having a cloudflare challenge portal is good for users.

>>106544257
I can make my own landing page that requires clicking a button so botnets can't DDoS me without an update specific to my setup.
I'll change/improve it as needed.

>>106548497
they can DDoS you just by loading your landing page.

>>106548520
Since it's such a small resource, my server will be able to keep up with the load with exponential backoff for repeat requests.

>>106544230
/thread

(I waited 120s for this, and also ticked a Cloudflare checkmark, lel.)

>>106543909 (OP)
it's being funded by israel money, so never. But what you can do is just not opt into their system.

>>106548567
From what I read in the previous threads, a strong enough ddos does not need any interaction on your part, they just flood your IP with garbage packets and that takes you offline, unless you have substantial infrastructure like Cloudflare's, which is apparently quite costly, to filter through and process all the garbage.

>>106548634
Also I think even residential IPs can be ddosed in this way, apparently used to be a common thing in video games where some skiddy would find your IP and take you offline by ddosing you. Some ISPs apparently even cancel you for getting ddosed, basically saying it's your fault for instigating a bad actor to ddos you.

>>106548634
This is correct. On a home Internet connection it is very easy to even do this to yourself completely by accident with multiple instances of peer-to-peer daemons that make loads of connections that fill up the available ports (there's only so many that can be re-used) and NAT tables (not applicable to IPv6 or a public server with a public IP but very applicable to a home Internet connection)

>>106543931
Bold of you to think they are two separate entities.

>>106546343
Damn, this wiki is the most based and at the same time the most retarded thing I've ever read in a long time.

>>106543909 (OP)
ask matthew prince to take it down at 101 Townsend St, San Francisco, CA, United States, 94107

>>106549034
>the most based and at the same time the most retarded thing I've ever read
Same. His page about privacy goes full retard, but there's one or two good pieces of info in the wiki.

>>106543909 (OP)
simultaneous nuclear attack against all their data centers

>>106548567
An exponential backoff is denying service, genius. How do you tell the difference between 4 million DDoS IPs and the 0-20 legitimate users?

>>106549079
I think with >>106546343 we're already approaching full retard levels.
>It is also a known phenomenon that many firefighters are passionate arsonists because society simply praises them for fighting fires (as opposed to rewarding them for the lack of fires).
Eh? Is that true? No citation given at least but most fire fighters are usually regarded as upstanding people (and now I don't have a source for this either, oops).
It's a surprise if true.

>>106548920
TCP/IP was simply not designed for low trust internet.

>>106547808
I can't read your screenshot, the contrast's too low. ViewHance can't salvage it either.

>>106549117
It works remarkably well at scale though, it's only at the macro level that we see these issues and there's not really any way of fixing them when you only have a single machine at your disposal and a limited speed Internet connection slower than an attackers combined botnet.

There are literally routing companies that exist solely to "clean" traffic or soak up an attack.

>>106543909 (OP)
block these on your router:
https://www.cloudflare.com/ips/
yes, most sites will stop working. nothing else you can do. companies love it, and normies don't care about being mitm'd by bigtech.

>>106549112
this is actually a very serious phenomenon in wildland firefighting
t. previous usfs employee

I had a think and basically even iptable blocking the third world isn't entirely effective. The packets have to get to your iptables rules to even get dropped. Say the device directly on the IP drops connections from the third world; it's all well and good until there's 5 million of them and it's taking in the packet, reading the IP header, checking the ruleset, and then deciding to drop the packet. Holding the packet in a buffer while it does so etc etc. I haven't done the napkin maths but I would wonder how much hardware you'd even need to cope with a couple million a second. Would even the intermediate infrastructure handle that? Your ISP hardware would get flooded too.
There's basically nothing you can do without big investment into intermediate hardware in a bunch of anti-ddos techniques. And that's where big, centralised services like cloudflare come in.

>>106549144
What is rolling around my head at the moment is if there's any fundamental redesign of networking technology, starting from the physical layer upwards, that could actually handle a coordinated DDoS attack. My initial instinct is to basically say.. no. Like I wrote above, even the lightest protocol possible would have to physically be spending time reading signals coming down the wires, which takes time. And a coordinated attack can just consume all the 'time' your hardware can use.

>>106548567
Kill yourself retard

>>106543909 (OP)
>evil
It's genuinely the best service on the entire internet, you can't even explain why you hate it, kys.

>>106547875
How do you people manage to be this retarded?

>>106549112
>>106549184
i will add some context
there were back to back fires my first two days of working
apparently, it happens often enough for them to launch an investigation on a new employee

>>106547661
>Someone has to pay for the DDoS, they aren't free.
Cloudflare is actually free
God, kill yourself you fucking moron

>>106549224
easy: it's a NSA honeypot designed to strip all encryption for the feds.

>>106549351
Source: my tinfoil hat

>>106549364
The NSA has done it to other big companies in the past. The assertion that they are likely to do it to cloudflare "for national security reasons" is perfectly reasonable.

>>106549364
he really doesn't know

>>106549364
Even AI slop knows it's true.
https://www.zdnet.com/article/fbi-withdrew-national-security-letter-after-cloudflare-lawsuit/

>>106549414
It literally says cloudflare won the lawsuit. Are you fucking retarded?

>>106549427
Which is the sole reason they were able to disclose it. What if they have lost similar closed court cases? What if they have received and complied with one without challenging it at all?

I know this is the US, but in recent times they don't even bother contesting the UK government anymore when they ask them to block access to certain sites. I would not put it past them at all to comply with some of these requests if an agency comes to them and says "We have this terrorist we want to find and they use Cloudflare. Can you help us?". You would never even know about it either, it could be going on right now.

>>106549459
That's also the FBI. If the NSA knocks and classifies the request as TOP SECRET NOFORN, you are not getting close to a court case without going to prison. Of course you don't actually have to comply with the NSA but they are persuasive.

>>106549112
It's real
>>106549139
Skill issue

>>106549459
And this is a point against Cloudflare specifically, how? People have to comply with law enforcement if they don't want to go to jail.

>>106543909 (OP)
What's a more trustworthy DNS i should be using?

>>106549530
>Skill issue
be helpful, not ableist

>>106549540
It's not a point against them at all, it's just something to know about instead of calling anyone a tinfoil hat for stating publicly available information. Yes, this is something that goes on. No, you probably won't hear about it so can't cite a source but there are established mechanisms to compel Cloudflare to do so.

It's not a point against them, I use Cloudflare myself, but I'd be daft to deny that they don't capture every single piece of information and have the ability to provide that to agencies on-demand if they so wish (or were compelled) to do so.

>>106549568
Their DNS is fine. The complaints in this thread are about their anti-DDoS service.

>>106549568
DNSCrypt Proxy.

>>106549599
>anti-DDoS service.
*reverse proxy service

>>106549599
>Their DNS is fine.

>>106549588
Yet the thread is about hating cloudflare when it's the feds you should be hating

>>106549668
That's ridiculous

>>106549668
That's their proxy. Their DNS supports DNSSEC. You can literally validate these responses locally to see if they're tampering with it.

>>106549568
your own, using Unbound

>>106549668
Literally a legal order from a retarded government. DNS is a clear-text protocol anyway is what I meant, no matter the provider it's gonna be intercepted and is at risk of being tampered with.
(Which IS where dnssec comes in but you gotta trust someone at some point)

>>106549588
Well this is a thread about how Cloudflare is somehow bad so I read that into your post. I don't really have a dog in this fight and don't care to stand up for big corpos like CF, but all we really have here is
>unsubstantiated claims that they ddos people in order to get them to use their free service and put more pressure on their infrastructure for no monetary gain
>the fact that they MITM people. Valid concern but this is necessary to provide their services and CF alternatives do the same. The only way to avoid this is to roll your own anti-ddos infrastructure and even then you will comply with law enforcement unless you want to go to prison
>the fact that they comply with law enforcement and even then use legal avenues to fight against it
>centralization, seems a lot of websites use CF. Apparently only 20% of the internet is routed through CF but seems like a lot more. Only valid concern imo.

>>106549568
if you are fine with feds knowing all your dns queries then cloudflare is pretty good.

>>106544230
this is the brain of a /g/ NIGGER gents

>>106549729
No, retard, it's the brain of a specific user, not everyone in total. Hasty generalization.

>>106549711
DNSSEC makes any tampering pretty evident because instead of a signed result that you can verify they will return SERVFAIL. This doesn't help you access the blocked domains (you need a resolver that doesn't comply with retarded governments, or even your own recursive resolver because retarded governments don't understand how DNS actually works) but it does preserve the integrity of the DNS and make it evident that it is being tampered with.

>Cloudflare
>literally stems from project Honey Pot
I don't know how can this be any more obvious.

>>106549859
>Prior to starting CloudFlare, Lee and I ran Project Honey Pot.

>>106549729
>no argument
everytime

>>106549188
Network devices don't perform packet operations in software or on the CPU. They use ASICs that are programmed by the device's OS with routing/forwarding tables.
A common edge router, the Cisco C8500 series, can push something like 45 million packets per second. Something like the Juniper MX240 might be used by a service provider for a small city PoP, and that can push something on the order of 1 billion packets per second.

> fundamental redesign of networking technology, starting from the physical layer upwards, that could actually handle a coordinated DDoS attack. My initial instinct is to basically say.. no
I agree. A DDoS is no different than a mob of 10,000 people descending upon a grocery store designed for 250 customers. The best thing you can do is have multiple front-ends geographically spread out so that the botnet has to split its efforts between 5 or 10 different targets. You also have the advantage of time. As long as you're not an incredibly easy target, someone is paying money for every minute of the attack.

>>106549325
Holy shit imagine thinking that you're being provided with a """free""" service where you're not the product and being profited off of in some way. Just give Cloudflare access to all of your server's encrypted traffic!

>>106543909 (OP)
>How do we take down this evil?
I don't know how. One can only hope that somehow it happens soon.

>>106549117
This, this is the core of the issue. We will need to replace IP. I don't want to replace IP, but we must if we are to have a free internet.

>>106550728
It won't/

>>106550891
>We will need to replace IP.
That's not possible.

>>106548520
>>106548567
People on the Tor network have been dealing with the "how to solve the DDoS issue in a decentralized and trustless landscape" thing for a long time, and they've come up with some interesting solutions. Look into how popular darknet markets keep themselves from being DDoS'ed using OnionBalance, PoW and EndGame. Maybe something similar could be adapted for the clearnet?

>>106550931
it is possible, it's just not probable.

>>106550974
It is literally impossible.

>>106550963
The problem is that it doesn't matter what you do after they connect to you, you can even just block all connections and they will still win. Layer 3 DDoS is real and happens. If they can reach your subnet, they win. We need to either punish members of botnets (willing or unwilling) or charge money to connect to your IP. The latter would allow DDoS to become profitable or cost-neutral, rather than an actual attack.

>>106551004
nigger you're retarded and what is impossible is you saying anything intelligent.

>>106551010
OK tell me something. Exactly how are YOU going to push ANYTHING over those physical wires strung to your house or apartment and make its way to the ISP in a non-IP based manner?

Go ahead. Tell me! Mr. Smarty McFarty. I don't need to waste my time with long answers on you. How about you give it a try. This is your moment. You now have infinite money. GO.

>>106551030
This has to be bait

>>106551080
Other anon here. He is making sense, it is clearly not bait

>>106551080
>>106551097
Hey, it's simple. Physical wires, whether copper or fiber, or even cellular. You aren't getting ANYTHING over there without IP. Even if you "proxy" it over. IP based. VPN? IP. Onion routing? Still uses IP. Usenet? IP. Dial-Up? IP.

You'll need to build your own Internet Provider and then you'll need to build your own completely separate infrastructure. Maybe you can build something for your apartment if you're the owner of the complex lot. Or your street if you somehow manage to get your neighborhood involved.

But beyond your city, and especially your state, and your COUNTRY?

It. Isn't. Happening.

>>106551136
Why did you reply to (Me)? i was agreeing with you.

>>106551146
I misclicked.

>>106551030
By starting an ISP that offers non-IP routing. There are other protocols for getting data around, like ATM.

>>106551161
>y starting an ISP that offers non-IP routing.
Alright, have fun with that. Good luck, please tell me how it goes!
>and he was never heard from again

>>106551136
>It. Isn't. Happening.
You don't know the difference between "impossible" and "improbable" so have a nice day, ESL-kun.

we give ipv4 to the thirdies then migrate white people to ipv6 then block ipv4 access to ipv6. simple

>>106543909 (OP)
>how do we take down the only thing keeping 4chan up
Go back to plebbit

>>106551161
At that point you might as well just deliver telephone service to your customers so they can dial in to BBS's at 1200 bps.
It's been like 25 years and IPv6 STILL hasn't replaced IPv4.

>>106551275
>It's been like 25 years and IPv6 STILL hasn't replaced IPv4.
because thirdies are fine with being behind six layers of NAT, they don't plan to contribute anything to the net anyway.

>>106551413
the same applies to 99% of firsties. all an average internet consoomer needs these days is a thumb, a screen and a neverending stream of slop.

>>106551194
>>106551275
first it was cloudflare shills, now ipv6 shills are joining in? jfc, this board really is just a marketing playground

>>106551554
>marketing
what could they possibly gain from shilling ipv6?

>>106544573
No

>>106551576
it includes hardware data in the address so they can farm your ass more efficiently.

It completely and permanently broke delay post functionality in 4chan xt, that alone is unforgivable.

>>106551600
can't you spoof it?

>>106551615
no, thats the entire point.

>>106551600
that's only for link-local addresses, they don't get used globally. MAC addresses are also not unique.

>>106551617
interesting, I need to read up on that.