
There was mention that the Teleport tool no longer works after the bugfix of the underlying issue (calling other cf locations via Workers and an internal subnet). It seemed like the ability to query which caches HIT on the dye-test image relied on being able to call out to each other DC.

Without this control over the route (driving the probing of which caches were hit), the attack would no longer work, right?



There is another method to query the caches. This is mentioned in the article.


Ah, the VPN deployment which probes from various geographies? It has limited coverage (according to the author, about 54% of all Cloudflare datacenters) but still a sometimes-working attack, granted.

However, Cloudflare are known for being harsh on VPN exit points, and the behavior of requesting the same (unique each pass) image from every geography and then never again would probably look significantly suspicious, but yeah, it seems not to be a priority for Cloudflare at the moment.
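The request pattern described in the comment above, written as a detection check. This is an added example, not part of the thread or of the article it discusses; the log layout, the function name `find_sweep_urls` and the thresholds are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample edge log: (epoch seconds, datacenter code, client IP, URL path).
# The field layout is an assumption for this example, not a real CDN log format.
SAMPLE_LOG = [
    (1000, "SEA", "203.0.113.10", "/img/logo.png"),
    (1005, "FRA", "198.51.100.7", "/img/a1b2c3.png"),
    (1007, "NRT", "198.51.100.8", "/img/a1b2c3.png"),
    (1009, "GRU", "198.51.100.9", "/img/a1b2c3.png"),
    (1012, "SYD", "198.51.100.10", "/img/a1b2c3.png"),
    (1400, "SEA", "203.0.113.11", "/img/logo.png"),
    (5000, "FRA", "203.0.113.12", "/img/logo.png"),
    (5100, "NRT", "203.0.113.13", "/img/logo.png"),
    (5200, "SYD", "203.0.113.14", "/img/logo.png"),
]


def find_sweep_urls(log, min_colos=4, burst_seconds=60):
    """Return URLs fetched from many datacenters in one short burst and never again.

    A popular asset also reaches many datacenters, but its requests are spread
    over time and repeat; a per-pass unique image is seen once per location.
    """
    by_url = defaultdict(list)
    for ts, colo, ip, url in log:
        by_url[url].append((ts, colo, ip))

    flagged = []
    for url, hits in by_url.items():
        times = [ts for ts, _, _ in hits]
        colos = {colo for _, colo, _ in hits}
        # "Never again": every request for this URL falls inside one burst.
        single_burst = max(times) - min(times) <= burst_seconds
        # One probe per location: roughly one request per datacenter.
        one_per_colo = len(hits) <= 2 * len(colos)
        if len(colos) >= min_colos and single_burst and one_per_colo:
            flagged.append(
                {"url": url, "colos": sorted(colos), "requests": len(hits)}
            )
    return flagged


if __name__ == "__main__":
    for finding in find_sweep_urls(SAMPLE_LOG):
        print(finding)
```

The thresholds need tuning against real traffic, since a newly published asset shared widely can briefly resemble a sweep.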



