[190776] in North American Network Operators' Group
Re: cloudflare hosting a ddos service?
daemon@ATHENA.MIT.EDU (Steve Atkins)
Tue Jul 26 23:28:26 2016
X-Original-To: nanog@nanog.org
From: Steve Atkins <steve@blighty.com>
In-Reply-To: <CABC6K17FFgHno3JJnMy_BngaJ3L7mPg5T7_hwouZp6Er_2UGFQ@mail.gmail.com>
Date: Tue, 26 Jul 2016 20:22:36 -0700
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Jul 26, 2016, at 7:58 PM, Justin Paine <justin@cloudflare.com> =
wrote:
>=20
> Folks,
>=20
> "For a long time their abuse@ alias was (literally) routed to =
/dev/null. I'm not
> sure whether that's still the case or whether they now ignore reports =
manually."
>=20
> @Steve It (literally) never was. :)
Yes, it was. The smiley doesn't make your statement true.
> The team I manage processes
> reports all day
> long. If you have a report to file certainly do so,
> https://www.cloudflare.com/abuse
I gave up on doing that in late 2014 after reporting thousands of pieces =
of spam
advertising websites hosted by Cloudflare, with no action taken, no =
reply received,
no ticket created, *nothing*. Not in response to mail sent to =
abuse@cloudflare,
not in response to backchannel reports, not in response to mentions in =
person to
staff at conferences. (This was mostly people selling lists of credit =
card numbers
rather than booters, but it's the same sort of issue).
Just to see what had changed, I went back to look at the sites I =
reported to
Cloudflare in 2014. The couple I spot-checked are still hosted by =
Cloudflare.
Given that you (Cloudflare, rather than you personally) haven't changed
your policy of never terminating abusive websites you host then =
continuing to
report them to you seems fairly pointless.
>=20
>=20
> On the topic of booters:
>=20
> Short version -- As someone already mentioned, CloudFlare continues
> not to be a hosting provider.
That's untrue, of course. You terminate the http connection; you're
hosting the website; you're hiding the identity of any other operators
involved; you continue to serve the website even when the backing
server has been terminated. Adding an interstitial for sites hosting
malware is nice and all, but the problematic customers are the ones
that are selling access to those malware compromised machines.
You are taking sole responsibility by your actions, while denying all
responsibility in your public statements.
>=20
> Our CEO has broadly covered this topic several times.
> https://blog.cloudflare.com/thoughts-on-abuse/
>=20
> Even if we removed our service the website does not go away,it
> doesn't solve the problem if we temporarily stop providing DNS to the
> domain(s). An often overlooked but extremely important note: there are
> some situations where law
> enforcement has required that we *not* terminate service to certain
> websites. In those situations we are of course not allowed to discuss
> specifics.
Cheers,
Steve
