星期三 05 下午 十月 29o 2025
Read the latest posts - ”Measuring characteristics of TCP connections at Internet scale”
News from the Cloudflare Blog:
Wednesday, October 29, 2025
Measuring characteristics of TCP connections at Internet scale
Researchers and practitioners have been studying connections almost as long as the Internet that supports them. Today, Cloudflare’s global network receives millions of connections per second. We explore various characteristics of TCP connections, including lifetimes, sizes, and more.
By Suleman Ahmad
Wednesday, October 29, 2025
One IP address, many users: detecting CGNAT to reduce collateral effects
IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result.
By Vasilis Giotsas
Wednesday, October 29, 2025
How to build your own VPN, or: the history of WARP
WARP’s initial implementation resembled a VPN that allows Internet access through it. Here’s how we built it – and how you can, too.
By Chris Branch
Wednesday, October 29, 2025
Defending QUIC from acknowledgement-based DDoS attacks
We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the “Optimistic ACK” attack vector and our solution, which dynamically skips packet numbers to validate client behavior.
By Apoorv Kothari
Wednesday, October 29, 2025
So long, and thanks for all the fish: how to escape the Linux networking stack
Many products at Cloudflare aren’t possible without pushing the limits of network hardware and software to deliver improved performance, increased efficiency, or novel capabilities such as soft-unicast, our method for sharing IP subnets across data centers. Happily, most people do not need to know the intricacies of how your operating system handles network and Internet access in general. Yes, even most people within Cloudflare. But sometimes we try to push well beyond the design intentions of Linux’s networking stack. This is a story about one of those attempts.
By Chris Branch
Wednesday, October 29, 2025
Helping protect the 2025 Moldova elections
Cloudflare mitigated a 12-hour DDoS attack against Moldova’s Central Election Commission, blocking over 898 million malicious requests that peaked at 324,333 requests per second. This defense kept critical election infrastructure online and accessible for citizens during a critical parliamentary vote.
By Jocelyn Woolbright
Copyright © 2025 Cloudflare, Inc. 101 Townsend Street, San Francisco, CA 94107 www.cloudflare.com | Community | Unsubscrib
News from the Cloudflare Blog:
Wednesday, October 29, 2025
Measuring characteristics of TCP connections at Internet scale
Researchers and practitioners have been studying connections almost as long as the Internet that supports them. Today, Cloudflare’s global network receives millions of connections per second. We explore various characteristics of TCP connections, including lifetimes, sizes, and more.
By Suleman Ahmad
Wednesday, October 29, 2025
One IP address, many users: detecting CGNAT to reduce collateral effects
IPv4 scarcity drives widespread use of Carrier-Grade Network Address Translation, a practice in ISPs and mobile networks that places many users behind each IP address, along with their collected activity and volumes of traffic. We introduce the method we’ve developed to detect large-scale IP sharing globally and mitigate the issues that result.
By Vasilis Giotsas
Wednesday, October 29, 2025
How to build your own VPN, or: the history of WARP
WARP’s initial implementation resembled a VPN that allows Internet access through it. Here’s how we built it – and how you can, too.
By Chris Branch
Wednesday, October 29, 2025
Defending QUIC from acknowledgement-based DDoS attacks
We identified and patched two DDoS vulnerabilities in our QUIC implementation related to packet acknowledgements. Cloudflare customers were not affected. We examine the “Optimistic ACK” attack vector and our solution, which dynamically skips packet numbers to validate client behavior.
By Apoorv Kothari
Wednesday, October 29, 2025
So long, and thanks for all the fish: how to escape the Linux networking stack
Many products at Cloudflare aren’t possible without pushing the limits of network hardware and software to deliver improved performance, increased efficiency, or novel capabilities such as soft-unicast, our method for sharing IP subnets across data centers. Happily, most people do not need to know the intricacies of how your operating system handles network and Internet access in general. Yes, even most people within Cloudflare. But sometimes we try to push well beyond the design intentions of Linux’s networking stack. This is a story about one of those attempts.
By Chris Branch
Wednesday, October 29, 2025
Helping protect the 2025 Moldova elections
Cloudflare mitigated a 12-hour DDoS attack against Moldova’s Central Election Commission, blocking over 898 million malicious requests that peaked at 324,333 requests per second. This defense kept critical election infrastructure online and accessible for citizens during a critical parliamentary vote.
By Jocelyn Woolbright
Copyright © 2025 Cloudflare, Inc. 101 Townsend Street, San Francisco, CA 94107 www.cloudflare.com | Community | Unsubscrib
发布者