Cloudflare Abuse Contact
Hi all, Does anyone have a cloudflare abuse contact? The email address in the whois doesn't actually go to their abuse team, and their abuse form doesn't address the issue we're seeing (a massive DNS flood). Thank you much! - Mike -- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Hi Mike, cloudflare has a web form to report abuse https://abuse.cloudflare.com/ - Nick On 1/7/2022 11:06 AM, Mike Hale wrote:
Hi all,
Does anyone have a cloudflare abuse contact? The email address in the whois doesn't actually go to their abuse team, and their abuse form doesn't address the issue we're seeing (a massive DNS flood).
Thank you much!
- Mike
Hey guys, The abuse email sends an auto-responder that tells you to use the web form. The web form is centered around their web hosting business; I figured I'd try general, but you can't submit it without punching in a URL that is hosted by Cloudflare (and they validate it ... you can't do https://bogus.site). What I'm seeing is a ton of abusive DNS traffic that's causing some issues, and there's no abuse form that works for this scenario. - Mike On Fri, Jan 7, 2022 at 10:33 AM Nick Poulakos <nick@poulakos.com> wrote:
Hi Mike,
cloudflare has a web form to report abuse https://abuse.cloudflare.com/
- Nick
On 1/7/2022 11:06 AM, Mike Hale wrote:
Hi all,
Does anyone have a cloudflare abuse contact? The email address in the whois doesn't actually go to their abuse team, and their abuse form doesn't address the issue we're seeing (a massive DNS flood).
Thank you much!
- Mike
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Peace, On Fri, Jan 7, 2022 at 8:42 PM Mike Hale <eyeronic.design@gmail.com> wrote:
The abuse email sends an auto-responder that tells you to use the web form. The web form is centered around their web hosting business; I figured I'd try general, but you can't submit it without punching in a URL that is hosted by Cloudflare (and they validate it ... you can't do https://bogus.site).
What I'm seeing is a ton of abusive DNS traffic that's causing some issues, and there's no abuse form that works for this scenario.
Most probably, that means that the company doesn't have any counter abuse process whatsoever for requests like yours, so no matter where you push that, there won't be any action. Having said that, the aforementioned form accepts "https[: slash slash]cloudflare.com" as a valid URL so chances are requests to that URL are treated in the general sense. In the meantime, are you sure you'll be able to support your case with data? DNS is *mostly* a connection-less protocol, so how do you know these queries are coming from Cloudflare and not from a spoofed source? Lastly, have you tried to block the problematic Cloudflare IP range to see what would happen? E.g. does 1.1.1.1 still resolve your domains then, etc.? -- Töma
On 07/01/2022 21:35, Töma Gavrichenkov wrote: I would try noc@cloudflare.com based on: https://www.peeringdb.com/net/4224 Regards, Hank
Peace,
On Fri, Jan 7, 2022 at 8:42 PM Mike Hale <eyeronic.design@gmail.com> wrote:
The abuse email sends an auto-responder that tells you to use the web form. The web form is centered around their web hosting business; I figured I'd try general, but you can't submit it without punching in a URL that is hosted by Cloudflare (and they validate it ... you can't do https://bogus.site).
What I'm seeing is a ton of abusive DNS traffic that's causing some issues, and there's no abuse form that works for this scenario.
Most probably, that means that the company doesn't have any counter abuse process whatsoever for requests like yours, so no matter where you push that, there won't be any action.
Having said that, the aforementioned form accepts "https[: slash slash]cloudflare.com" as a valid URL so chances are requests to that URL are treated in the general sense.
In the meantime, are you sure you'll be able to support your case with data? DNS is *mostly* a connection-less protocol, so how do you know these queries are coming from Cloudflare and not from a spoofed source?
Lastly, have you tried to block the problematic Cloudflare IP range to see what would happen? E.g. does 1.1.1.1 still resolve your domains then, etc.?
-- Töma
On 1/7/2022 11:06 AM, Mike Hale wrote:
Cloudlfare might be able to help, but dns flood might be spoofed. It's possible that Cloudflare is not the one sending you that junk. Is it UDP DNS flood or it's some kind of DNS of TCP/Https? Jean the issue we're seeing (a massive DNS flood).
Hi Mike, Please reach out to me directly. Best, *Tanner Ryan *| Network Engineer Cloudflare, Inc. | as13335.peeringdb.com On Fri, Jan 7, 2022 at 2:39 PM Jean St-Laurent via NANOG <nanog@nanog.org> wrote:
Cloudlfare might be able to help, but dns flood might be spoofed.
It's possible that Cloudflare is not the one sending you that junk.
Is it UDP DNS flood or it's some kind of DNS of TCP/Https?
Jean
On 1/7/2022 11:06 AM, Mike Hale wrote: the issue we're seeing (a massive DNS flood).
On Fri, Jan 7, 2022 at 12:07 PM Mike Hale <eyeronic.design@gmail.com> wrote:
Hi all,
Does anyone have a cloudflare abuse contact? The email address in the whois doesn't actually go to their abuse team, and their abuse form
RAbuseHandle: ABUSE2916-ARIN RAbuseName: Abuse RAbusePhone: +1-650-319-8930 RAbuseEmail: abuse@cloudflare.com that doesn't end up in an actual abuse tracking system for them? Maybe it's the 'classic' problem of the abuse@ address getting spam-filtered happening?
doesn't address the issue we're seeing (a massive DNS flood).
Thank you much!
- Mike
-- 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
participants (7)
-
Christopher Morrow
-
Hank Nussbacher
-
Jean St-Laurent
-
Mike Hale
-
Nick Poulakos
-
Tanner Ryan
-
Töma Gavrichenkov