Bringing insights into TCP resets and timeouts to Cloudflare Radar
Cloudflare launched a dashboard and API for real-time insights into TCP connection resets and timeouts, revealing that 20% of connections face issues, potentially indicating malicious activity or network errors.
Cloudflare has introduced a new dashboard and API endpoint on Cloudflare Radar that provides real-time insights into TCP connections that terminate unexpectedly, specifically those that close due to resets or timeouts. Approximately 20% of new TCP connections to Cloudflare's servers experience such issues, which can be indicative of various underlying problems, including scanning, connection tampering, and denial-of-service attacks. The dashboard categorizes these anomalous connections based on the stage of the TCP handshake at which they close, allowing for better analysis of potential causes. The study highlights that while some resets may stem from legitimate user actions, others could indicate malicious activity or network errors. The data aims to enhance transparency and accountability in network behavior, encouraging users to explore the dataset for insights into their own connections. Cloudflare emphasizes the importance of corroborating this passive data with other sources to understand the root causes of the anomalies better.
- Cloudflare's new dashboard provides insights into TCP connection resets and timeouts.
- About 20% of new TCP connections to Cloudflare experience resets or timeouts.
- Anomalous connections can indicate scanning, tampering, or denial-of-service attacks.
- The dataset categorizes connections based on the TCP handshake stage at which they close.
- Corroborating passive data with other sources is essential for understanding root causes.
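An added example (not Cloudflare's code and not from the original article) of grouping anomalous closes by the connection stage at which they occur, as the summary describes. The stage labels, the record layout and the sample connections are assumptions constructed for illustration, and the PSH flag is used as a stand-in for "this packet carried data".

```python
from collections import Counter

# Constructed sample (not real traffic): client-to-server TCP flags per
# connection as a server would observe them passively, plus how it ended.
SAMPLE = [
    {"id": "c1", "flags": ["SYN"], "end": "timeout"},
    {"id": "c2", "flags": ["SYN", "RST"], "end": "reset"},
    {"id": "c3", "flags": ["SYN", "ACK", "RST"], "end": "reset"},
    {"id": "c4", "flags": ["SYN", "ACK", "PSH+ACK", "RST"], "end": "reset"},
    {"id": "c5", "flags": ["SYN", "ACK", "PSH+ACK", "ACK", "PSH+ACK", "RST+ACK"], "end": "reset"},
    {"id": "c6", "flags": ["SYN", "ACK", "PSH+ACK", "ACK", "FIN+ACK"], "end": "fin"},
    {"id": "c7", "flags": ["SYN", "ACK", "PSH+ACK"], "end": "timeout"},
    {"id": "c8", "flags": ["SYN", "SYN"], "end": "timeout"},  # retransmitted SYN
]

def classify(conn):
    """Return a stage label for an anomalous close, or None for a graceful one."""
    if conn["end"] == "fin":
        return None
    seen_syn, acks, data, after_data = False, 0, 0, 0
    for raw in conn["flags"]:
        flags = set(raw.split("+"))
        if "RST" in flags:
            break  # the reset terminates the connection
        if data:
            after_data += 1  # anything the client sent after its first data packet
        if "SYN" in flags:
            seen_syn = True
        elif "PSH" in flags:
            data += 1
        elif "ACK" in flags:
            acks += 1
    if not seen_syn:
        return "unknown"  # capture started mid-stream
    if data == 0:
        return "post_ack" if acks else "post_syn"
    return "post_psh" if data == 1 and after_data == 0 else "later"

def summarize(conns):
    """Count anomalous closes by (stage, end) and return their share of all connections."""
    counts = Counter()
    for conn in conns:
        stage = classify(conn)
        if stage is not None:
            counts[(stage, conn["end"])] += 1
    share = sum(counts.values()) / len(conns) if conns else 0.0
    return counts, share

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A stage label on its own does not identify a cause: a reset right after the first data packet can be a user closing a tab or a middlebox reacting to the request, which is why the summary stresses corroborating this passive view with other sources.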
Related
Threat actors quick to weaponize PoC exploits; 6.8% of all internet traffic DDoS
Hackers exploit PoC exploits within 22 minutes of release, leaving little time for defense. Cloudflare advises using AI for quick detection rules. DDoS attacks contribute to 6.8% of daily internet traffic, rising to 12% during major events.
Cloudflare reports almost 7% of internet traffic is malicious
Cloudflare's report highlights a 7% increase in malicious internet traffic, linked to global events. Urges prompt vulnerability patching, emphasizes DDoS attacks, API security risks, and the need for proactive defense strategies.
Cloudflare reports almost 7% of internet traffic is malicious
Cloudflare's report highlights a rise in malicious internet traffic, driven by global events. It emphasizes the need for timely patching against new vulnerabilities, notes a surge in DDoS attacks, stresses API security, and warns about harmful bot traffic. Organizations are urged to adopt robust security measures.
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs
Proofpoint reported increased cybercriminal activity using Cloudflare Tunnels to deliver malware, particularly remote access trojans. Campaigns involve phishing emails and exploit temporary tunnels, necessitating adaptive cybersecurity defenses.
The backbone behind Cloudflare's Connectivity Cloud
Cloudflare has increased its backbone capacity by over 500% since 2021, operating data centers in 330 cities globally, utilizing advanced technologies for efficient data transfer and enhancing connectivity, especially in Africa.
Once again a discussion that covers RST injection attacks fails to consider the one case I actually saw in the wild ...
My observation involved long-lived (much longer than typical for HTTP) TCP connections with low-but-nonzero traffic (there was an application-layer heartbeat). For at least some US residential IPs (some with effectively static allocation) connected to a datacenter, they would reliably get RST injected (to the client only, not the server) after being connected long enough (usually a couple hours, but not any obvious pattern).