Back

Cloudflare Launches Programmable Flow Protection for Custom DDoS Mitigation

Severity: Low (Score: 24.9)

Sources: Blog.Cloudflare, Notebookcheck

Summary

Cloudflare has introduced Programmable Flow Protection, a new feature for Magic Transit customers aimed at enhancing DDoS mitigation for custom UDP protocols. This feature allows customers to upload their own stateful packet-processing programs written in C, which are then deployed as eBPF programs across Cloudflare's global network. The system is designed to address challenges in mitigating DDoS attacks targeting specialized UDP traffic used in gaming, VoIP, and streaming services. Currently, the feature is in closed beta and available as an add-on for Magic Transit deployments. It supports both asymmetric and symmetric topologies but only inspects ingress traffic. Configuration is managed through Cloudflare's API, facilitating the creation and management of custom mitigation rules. The introduction of this feature reflects Cloudflare's commitment to providing tailored security solutions for diverse network environments. Key Points: • Programmable Flow Protection allows custom DDoS mitigation for proprietary UDP protocols. • The feature is currently in closed beta and requires an additional cost for Magic Transit customers. • Customers can upload C-based programs to define packet handling logic for enhanced security.

Key Entities

  • DDoS (attack_type)
  • EBPF (platform)
  • Flowtrackd (platform)
  • Magic Transit (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed