TLSv1.2 DDoS from cloudflare IPs

We have repeatedly been receiving ddos attacks with TLSv1.2 (http over TLS) packets from cloudflare IPs sized around a kb and totalling up to a gigabit of attack traffic giving some serious issues. The content is fully garbled so i am guessing that it is encrypted. Is there anything we could do to to block these (reflection?) attacks or dissect them from real traffic to cloudflares servers?

And yes: there were were thousands of these packets per minute so i doubt its in any way legit traffic.

Do you have a domain on Cloudflare?

Yes, but unrelated to this issue and that domein is not hosted on this machine.

So that would mean that someone with a Cloudflare account has put your IP address in their account, and their domain is getting DDoS’d. Only Support would be able to track this down.

To contact Cloudflare Customer Support, login & go to https://dash.cloudflare.com/?account=support and select get more help. If you receive an automatic response that does not help you, please reply and indicate you need more help.

2 Likes

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.