Video: Infrastructure Security: Block DDoS with Cloudflare | Duration: 1808s | Summary: Infrastructure Security: Block DDoS with Cloudflare | Chapters: Introduction to Webinar (29.67s), DDoS Attack Trends (92.57s), Magic Transit Explained (309.815s), Demo and Conclusion (459.09003s)
Transcript for "Infrastructure Security: Block DDoS with Cloudflare": Good morning, good afternoon, everyone. Thank you all for attending this webinar. My name is Mohammed, and I'm a virtual solution engineer here at Cloudflare. In today's session, we will discover together how you can protect your infrastructure and your corporate networks against DDoS attacks using Cloudflare services. We'll follow this agenda today. We'll first start by understanding why it is important to have a cutting-edge DDoS protection system for your corporate networks and how Cloudflare can help you in that regard. We'll also take a high-level view of Cloudflare Magic Transit, which is a service specially designed for DDoS protection at layer 3 and layer 4. And it's going to be a very practical demo, so I will take the time to go to the dashboard to show you how to get started. We'll also simulate a live attack and see how the system will behave and mitigate the attack in the platform. Let's dive in. We've seen that in today's cybersecurity landscape, there are two main DDoS trends that we need to be aware of regarding corporate network security. The first one is the volume of the attacks. Attacks are becoming more and more volumetric today, and that is mainly because of the ease for attackers to obtain compute capacity for their attack networks. Previously, it was about hijacking small IoT devices. But today, it's very easy to rent compute capacity and servers, and that increases the volume of the attacks targeting your corporate networks. But those attacks are also becoming very, very sophisticated: not just well-known, simple DDoS attacks, but a combination of many different attacks that are very difficult for traditional security appliances to detect and to mitigate.
Just to give you an idea, in 2024 alone, Cloudflare mitigated 6.9 million attacks, and that represents an increase of 83% year over year, which is a huge number. And half of those attacks were L3/L4 attacks coming from various TCP, DNS, and UDP flood attacks, and also some other new types of attack that are not well known by legacy systems. Which means that today, more than ever, it's important to have a platform that can first massively absorb any large-scale DDoS attack, but also protect your IP range against any kind of sophisticated L3/L4 DDoS attack. And that's where Cloudflare comes in. Cloudflare is a connectivity cloud and a global cloud network, which stands in more than 300 cities where we have data centers located. And today, we are offering security and performance to millions of Internet properties, and that includes websites, mobile apps, APIs, remote users, and also corporate networks. On average, 20% of the web properties sit behind Cloudflare. And every day, we block more than 200 billion cyber threats. And we have a very big network capacity, which is estimated at 348 terabytes per second, which is still growing because we keep investing in our network to make it bigger, more performant, and also more resilient for the benefit of our customers. Just to give you an idea as well, in October 2024, Cloudflare mitigated the largest DDoS attack on record, which was a 5.6 terabytes per second UDP DDoS attack launched by a Mirai-variant botnet. The attack lasted eighty seconds. It was coming from more than 13,000 IoT devices, and it was fully mitigated by Cloudflare's distributed edge network defense. So our customers were at peace without worrying about the impact that this attack could have on their own customers. Cloudflare as a shield was here to protect and to mitigate the whole attack, and that's on behalf of our Magic Transit customers.
So now let's have a look at Magic Transit, which is the service that is behind that magic, helping to detect and mitigate those DDoS attacks. But before going into the specifics, let's try to understand what the legacy approach for DDoS mitigation is. In many different systems today, we see the following architecture: whenever there is an attack occurring on the network, all the traffic is routed to what we call scrubbing centers to clean and inspect the traffic and let through the legitimate traffic. And there is also an extra network hop for L7 traffic inspection, for WAF, CDN, and so on, before reaching the customer data center. This approach works quite well overall, but it adds a big latency to the requests, as all the requests, both legitimate and attacks, are going to those dedicated scrubbing centers before being cleaned and reaching the data center. And those scrubbing centers are located in specific regions of the world, and all the customers need to go through them. With Magic Transit, we have a different approach to DDoS mitigation. Cloudflare Magic Transit is a DDoS protection and secure network traffic routing solution that is designed for on-premise networks, data centers, and also cloud infrastructure. The idea here is that you route your IP subnet through Cloudflare, and then Cloudflare filters malicious traffic, that is the DDoS protection system, and also forwards the clean traffic to your data center via a GRE or an IPsec tunnel. And the magic here, hence the name Magic Transit, is that it happens in anycast mode, which means that all our points of presence are able to detect and mitigate the DDoS attacks. So there is no need to route to specific scrubbing centers, and that gives a significantly better user experience for your requests without needing the extra latency to clean and inspect the traffic.
So let's put all that in perspective via a demo, where we'll see on the dashboard how to configure all this and also have a view over the analytics. And I will simulate a live attack on a specific network, and we will see how the system will respond and how it will work. So here is my demo environment. I have a corporate network, which is a /24, that is behind Cloudflare. It's linked through a GRE tunnel, and my IP range is also announced by Cloudflare via BGP. I will also spawn some virtual machines in different locations of the world to target my VM inside my network, to see how Cloudflare will be able to block the traffic coming from those VMs but still let through the legitimate traffic. So let's take a look at the dashboard. We see here that if you go to your dashboard, once Magic Transit is enabled, we can take a look here. So I have here the tunnels, which provide the link between my corporate network and Cloudflare. And as you can see here, I have two tunnels for high-availability reasons. I also have routes here, which are the way for Cloudflare to reach my corporate network using those tunnels whenever there's an incoming request from the Internet. And, as mentioned, my IP range is also announced to the public Internet by Cloudflare. So once we have this set up, we can take a look at the analytics. Let's remember, security starts with good visibility of what's going on. So here, Cloudflare provides very rich analytics over what's going on in your network, as you can see here, the traffic coming from your external customers. And here on the all-traffic tab, you can see where the mitigation is coming from, from the different mitigation systems. We have here, for example, the DDoS managed ruleset, the advanced TCP protection, and the advanced DNS protection, depending on how deep you want to go with the analytics.
You can also inspect the traffic through the number of packets flowing through your network. You can also inspect it based on the bandwidth per second that you're receiving. Here in this section, we have the executive summary. So over the specific time frame that we filter on, you can know how many attacks you've received on your network and its percentage, and also from which countries it's coming from. And you have the possibility to filter based on, let's say, the last seven days or the last thirty days, and it will update the whole dashboard automatically for you. So here we can see in this all-traffic tab which mitigation system was able to detect a specific attack and what was the action taken by Cloudflare: if it was dropped, the number of dropped packets, the number of packets that were able to go through the network, and we have deeper analytics here. Know that at Cloudflare, every request is logged. So we can have here the time the request occurred, the action taken, which mitigation system was able to detect it, the source and destination IP, and many other pieces of information. And, of course, you have the possibility to export all this data to your favorite log store or analytics platform if you want to have deeper analytics. With that in mind, let's now try to launch the attack on my network and see how this demo will behave and what will happen behind the scenes. Just as a reminder, I have my /24 network behind Cloudflare, linked through a GRE tunnel. And I will target my VM here with this IP, 8.24.87.6, and I will spawn many different VMs in different locations to target that VM. So here we can see the two terminals that I have. This terminal is my server inside my corporate network, and this terminal is my laptop, where I can launch the attack from.
So, for example, here I can run a packet capture on my server to capture all the TCP connections going to that server on this specific port, just to see if it is working and that I'm actually able to start the attack. So now from my laptop, I will try to open a TCP connection on that specific port to see if I'll be able to capture the traffic here. I will run this command, targeting the IP and also the port that I'm listening on here. And we can see that after running the command, I'm able to capture the traffic here. I have the details: the source IP, the destination IP, the port that I'm using here, and all the different details. That's fine as of now. So now I will use Terraform to spawn a set of virtual machines to target this specific server. We can take a look at my configuration by using nano and inspecting the variables here. You can see I have, as a custom variable, the IP of my machine here, and I have different types of attack that I can launch. We have here UDP flood attacks, SYN flood, ACK flood, and RST flood. But for this specific demo, I will just run a SYN flood and also an ACK flood attack and see how it will go. So I will exit this and then launch the Terraform command to actually spawn the attack. The idea is I will create five VMs in these specific locations, and the idea is to create a botnet. Each VM has a startup script which will target this machine using the attack that I specified in the variables. So in a couple of seconds, I will be able to launch the machines here. It's ongoing. And we are still listening here to see what's happening. We can see here, for example, that it has started to receive the packets, and the machines are being created. And what is interesting is that the attack is meant to last fifteen minutes.
And it comes from all these VMs in these specific locations. But as you can see here, I'm not logged out of my terminal. I'm still able to access the machine. I can run commands while the attack is ongoing. It's because Magic Transit was able to detect that it's an attack and then block those packets without any interruption for the legitimate users. For example, here, if I try to open a new TCP connection to my machine, I can see that I'm able to pass with the legitimate traffic while the attack is still ongoing, because it has been detected and it's actually being mitigated by Magic Transit. So let's see how it looks on the dashboard. I will refresh here, and we can filter over the last thirty minutes to have a live view over the attack that is ongoing here. And it is going to refresh the whole dashboard. Sorry, I will need to exit and refresh it again; I have some issue with my Internet. So, yes, here we are. I filtered over the previous thirty minutes to have more details about what is actually happening with my attack. I can also go deeper on the filters here, and we can see that many of the packets are being dropped and a few of them are passing, which is actually the expected behavior. If I go down, I can see that it's mainly TCP traffic; it was detected by the TCP protection. So I can go here to my TCP protection and have deeper analytics. Sorry, let me just refresh and go back to the dashboard. So yeah, now I can filter here just to go inside the attack. And I can see that it's mainly blocked by the DDoS managed ruleset, which is actually the case for me.
To know more about the attack and what its behavior was, I can go inside this tab, the DDoS managed ruleset, as it is the system that was able to detect and mitigate the attack. And here we can see that it's actually a SYN flood attack and a TCP ACK flood, which is exactly what I launched from my script. It gives here more details about the number of packets that were dropped over the total number of packets that it received in this specific time frame. Same for the bandwidth per second as well. And you can have deeper analytics over which packets were dropped, when they were dropped, which machine they're coming from (the IP), which target IP is targeted, and from which countries those requests are coming, as mentioned. We can even see which Cloudflare data center is actually mitigating the attack for you, which means that it's mitigated locally; there's no need to go to specific scrubbing centers. They are mitigated near where they originate from. And here you have more details: the source IP of my botnet, the destination IP address that is targeted, the ASN, the ports that are targeted, and many other pieces of information that you can have. And you can see that they all have the same signature. Cloudflare was able to detect it even if they're coming from different machines, and we can filter on that. So now I will go back to the slides. We've been able to see over this demo that Cloudflare Magic Transit can be your best partner when it comes to protecting your corporate networks against DDoS attacks. It's a service that you can use from Cloudflare, and it helps to detect and mitigate DDoS attacks even if they are coming from sophisticated sources. And you don't have any specific scrubbing center.
Cloudflare is able to mitigate at the edge, where the attack is coming from. And we have a huge network with a big capacity, so that you don't have to worry about the size of the attack, and you can also save costs by not implementing it yourself. It's all a service handled by Cloudflare for you. So now, as a next step, I highly encourage you to try it by yourselves by creating a free account on Cloudflare and testing the product. And if you have specific use cases, feel free to contact us. We can put you in touch with one of our experts to discuss your specific needs in more depth and also design together a solution that you can implement for your corporate networks. With that, I thank you all for attending this webinar and wish you a good rest of your day. Bye.
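The demo above makes two points about the mitigation: the packets from all five bot VMs share one signature (same target IP, port and TCP flags), and a legitimate TCP connection to the same port is still let through while the flood is dropped. The following is an added example, not code from the webinar or from Cloudflare, that models that behaviour in a simplified, rate-based form over a constructed packet sample. The target IP is the demo VM from the webinar; the port 8080, the thresholds, the one-second window and all source addresses are assumptions for this example.

```python
"""Signature-based flood classification over a constructed packet sample.

Added example, not code from the webinar or from Cloudflare. It models, in a
simplified way, the behaviour described in the demo: packets from many bot
machines share one signature (destination, port, TCP flags) and are dropped
once their rate exceeds a threshold, while a legitimate client opening a
single connection to the same port is still passed.
"""
from collections import Counter, defaultdict
from typing import NamedTuple


class Packet(NamedTuple):
    ts: float     # capture time in seconds
    src: str      # source IP
    dst: str      # destination IP
    dport: int    # destination TCP port
    flags: str    # TCP flags as tcpdump prints them: "S" SYN, "." ACK, "P." PSH-ACK


# Thresholds are assumptions for this example, not Cloudflare's values.
AGGREGATE_PPS = 100   # packets/second for one signature before it counts as a flood
PER_SOURCE_PPS = 20   # a single source above this rate inside a flood signature is dropped
WINDOW = 1.0          # seconds

# Target IP is the demo VM from the webinar; the port is an assumption.
TARGET = "8.24.87.6"
PORT = 8080


def signature(pkt: Packet) -> tuple:
    """The tuple the demo dashboard showed as a signature shared by all bots."""
    return (pkt.dst, pkt.dport, pkt.flags)


def classify(packets, aggregate_pps=AGGREGATE_PPS, per_source_pps=PER_SOURCE_PPS, window=WINDOW):
    """Split packets into (passed, dropped, flood_signatures).

    Packets are grouped per time window and signature. A signature whose rate
    exceeds aggregate_pps is a flood; inside a flood, only sources whose own
    rate exceeds per_source_pps are dropped, so a low-rate legitimate client
    sharing the signature (its single SYN) is still passed.
    """
    buckets = defaultdict(list)
    for p in packets:
        buckets[(int(p.ts // window), signature(p))].append(p)

    passed, dropped, floods = [], [], set()
    for (_, sig), pkts in buckets.items():
        per_src = Counter(p.src for p in pkts)
        if len(pkts) / window > aggregate_pps:
            floods.add(sig)
            for p in pkts:
                if per_src[p.src] / window > per_source_pps:
                    dropped.append(p)
                else:
                    passed.append(p)
        else:
            passed.extend(pkts)
    return passed, dropped, floods


def build_sample():
    """Constructed capture: five bot sources SYN-flooding the target plus one real client."""
    bots = ["198.51.100.10", "198.51.100.11", "203.0.113.5", "203.0.113.6", "192.0.2.77"]
    pkts = []
    for bot in bots:
        # 40 SYNs per bot inside the first second: 200 SYN/s in total
        pkts.extend(Packet(0.1 + n * 0.02, bot, TARGET, PORT, "S") for n in range(40))
    # Legitimate client: one SYN, the ACK completing the handshake, then data
    client = "192.0.2.200"
    pkts += [Packet(0.50, client, TARGET, PORT, "S"),
             Packet(0.52, client, TARGET, PORT, "."),
             Packet(0.60, client, TARGET, PORT, "P.")]
    return pkts, bots, client


def summarize(packets):
    """Per-source passed/dropped counts, like the dashboard's source-IP breakdown."""
    passed, dropped, floods = classify(packets)
    return {
        "passed_by_src": dict(Counter(p.src for p in passed)),
        "dropped_by_src": dict(Counter(p.src for p in dropped)),
        "flood_signatures": sorted(floods),
    }


if __name__ == "__main__":
    sample, _, _ = build_sample()
    for key, value in summarize(sample).items():
        print(key, value)
```

Running the block drops all 200 bot SYNs, reports the single flood signature `("8.24.87.6", 8080, "S")`, and passes all three packets of the legitimate client, including its SYN, which carries the same signature as the flood but arrives at a rate far below the per-source threshold. Real edge mitigation uses more than rate counters (SYN cookies, challenge state and per-prefix profiles, for instance), but the per-signature plus per-source split is the core idea behind "same signature from different machines" being dropped without cutting off real users.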