Cloudflare used to (D)DoS my non-HTTP game server

Hi,

I’m running a game server on port 51000. Somehow, someone is spamming our server application listening on that port on TCP with connections coming from IPs owned by Cloudflare.

How is this possible? Cloudflare doesn’t forward requests to non-HTTP ports, I even checked if he did it with Workers, but raw TCP isn’t allowed there either.

So does he have an Enterprise account with this ability, or what? Because from what I can see only Enterprise allows something like this.

The Cloudflare IPs that are attacking me are the ones that start with “8.”. Apparently these are not the ones that are used in normal website traffic (see that list here: https://www.cloudflare.com/ips/ )

A few of the Cloudflare-owned IPs that attacked me:
8.6.145.30
8.42.172.197
8.44.59.148
8.46.117.7

It’s way more, it kept changing, so I had to block the whole Cloudflare ASN in the firewall.

Total list of Cloudflare IPs: https://ipinfo.io/AS13335

So yeah, how does he do it?

Thank you for reading.

Those are IPs from the Warp VPN product. They’re not on the IPs page since you should not whitelist them.


Great, thanks for letting me know.

I guess he built some custom web page to (d)dos or mobile app that keeps spamming connections. And apparently Warp VPN conveniently changes his IP every request or something. How nice for spammers :smiley:

All good, I’ll keep that 8 range blocked.

Blocking Warp VPN IPs may mean that some people trying to play your game with Warp VPN will not be able to connect.
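
An added example, not part of any post in this thread: a small Python triage script that checks whether logged source addresses fall inside the proxy ranges published at https://www.cloudflare.com/ips/ and tallies connections per source /24, so a block or rate limit can target the prefixes actually seen instead of the whole ASN. The range list is a partial hand-copied snapshot, the log format and every log line beyond the four addresses quoted above are constructed, and the function names are hypothetical.

```python
import ipaddress
from collections import Counter

# Partial snapshot of the ranges listed at https://www.cloudflare.com/ips/
# (assumption: hand-copied subset; fetch the current list before relying on it).
PUBLISHED_PROXY_RANGES = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "162.158.0.0/15", "172.64.0.0/13", "173.245.48.0/20",
)]

# Constructed log, "<timestamp> <source ip> <dest port>". Only the addresses
# 8.6.145.30, 8.42.172.197, 8.44.59.148 and 8.46.117.7 come from the thread.
SAMPLE_LOG = """\
2024-01-01T12:00:00Z 8.6.145.30 51000
2024-01-01T12:00:00Z 8.6.145.31 51000
2024-01-01T12:00:01Z 8.42.172.197 51000
2024-01-01T12:00:01Z 8.6.145.77 51000
2024-01-01T12:00:01Z 8.44.59.148 51000
2024-01-01T12:00:02Z 8.42.172.12 51000
2024-01-01T12:00:02Z 8.6.145.30 51000
2024-01-01T12:00:02Z 8.46.117.7 51000
2024-01-01T12:00:03Z 8.42.172.200 51000
2024-01-01T12:00:03Z 203.0.113.10 51000
2024-01-01T12:00:04Z 8.6.145.30 22
truncated line
""".splitlines()

def in_published_ranges(ip):
    """True if ip is inside one of the published proxy ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PUBLISHED_PROXY_RANGES)

def tally_by_prefix(lines, port=51000, prefix_len=24):
    """Count connections to port per source prefix; malformed lines are skipped."""
    counts = Counter()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or parts[2] != str(port):
            continue
        try:
            net = ipaddress.ip_network(f"{parts[1]}/{prefix_len}", strict=False)
        except ValueError:
            continue
        counts[net] += 1
    return counts

def noisy_prefixes(lines, threshold=3, port=51000, prefix_len=24):
    """(prefix, count) pairs at or above threshold, outside the published ranges."""
    tally = tally_by_prefix(lines, port, prefix_len)
    return sorted((str(net), n) for net, n in tally.items()
                  if n >= threshold and not in_published_ranges(str(net.network_address)))
```

On the sample log, `noisy_prefixes(SAMPLE_LOG)` returns the two /24s that repeat, while the single connection from 203.0.113.10 stays below the threshold.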
