This is an old revision of the document!
Cloudflare/Voxility's DDoS protection can mangle SSL certs from specific domains (I noticed them doing this for let's encrypt):
$ openssl s_client -connect 172.65.32.248:443
It just hangs there with no certificate being issued.
Also DDoS has been known to mangle SMTP, NTP, and DNS packets. Watch out!