SoylentNews is people

posted by martyb on Wednesday October 13 2021, @12:32AM

Microsoft Azure fends off huge DDoS Attack:

Distributed Denial of Service (DDoS) attacks are happening ever more often and growing ever bigger. At 2.4 terabits per second (Tbps), the DDoS attack Microsoft just successfully defended European Azure cloud users against could be the biggest one to date.

What we know for certain is it's the biggest DDoS attack on an Azure cloud customer. It was bigger than the previous high, 2020's Azure 1 Tbps attack, and Microsoft reported it was "higher than any network volumetric event previously detected on Azure."

[...] Microsoft isn't saying which was used in this case but it did mention DNS. Attacks exploiting DNS can produce 28 to 54 times the original number of bytes. So, if an attacker sends a request payload of 64 bytes to a DNS server, they can generate over 3,400 bytes of unwanted traffic to an attack target.

While Microsoft also didn't go into detail about how it blocked the attack, the company said Azure's DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks: "This aggregated, distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need."



Related Stories

Massive DDoS Attack Delivered By Tiny Botnet

Hackers just launched the largest HTTPS DDoS attack in history:

The largest HTTPS distributed denial-of-service (DDoS) attack in history materialized last week, Cloudflare has confirmed.

As reported by Bleeping Computer, the company revealed that it recorded a 26 million requests per second distributed denial-of-service (DDoS) attack.

It should be stressed that this is an HTTPS-based DDoS attempt as opposed to the more traditional, standard DDoS attacks. In any case, the intended target was a Cloudflare client utilizing the service's Free plan.

[...] Interestingly, whoever was behind the attack managed to concentrate all its firepower with a botnet of 5,067 devices, which is a relatively small number considering the scale of the assault. Every single device was capable of delivering around 5,200 requests per second (rps) at its peak.

[...] Specifically, the botnet that was put to work in the unprecedented 26 million rps DDoS attack managed to deliver over an astronomical 212 million HTTPS requests within a period of just 30 seconds. This was achieved due to requests stemming from more than 1,500 networks located in 121 countries around the globe.

Tsunami of junk traffic that broke DDoS records delivered by tiniest of botnets:

The DDoS delivered 26 million HTTPS requests per second, breaking the previous record of 15.3 million requests for that protocol set only seven weeks ago, Cloudflare Product Manager Omer Yoachimik reported. Unlike more common DDoS payloads such as HTTP, SYN, or SYN-ACK packets, malicious HTTPS requests require considerably more computing resources for the attacker to deliver and for the defender or victim to absorb.

[Cloudflare Product Manager Omer] Yoachimik wrote:

The 26M rps DDoS attack originated from a small but powerful botnet of 5,067 devices. On average, each node generated approximately 5,200 rps at peak. To contrast the size of this botnet, we've been tracking another much larger but less powerful botnet of over 730,000 devices. The latter, larger botnet wasn't able to generate more than one million requests per second, i.e. roughly 1.3 requests per second on average per device. Putting it plainly, this botnet was, on average, 4,000 times stronger due to its use of virtual machines and servers.

[...] The Cloudflare product manager said that his company automatically detected and mitigated the attack against the customer, which was using Cloudflare's free service.

See also:
    Cloudflare Just Mitigated One of the Most Powerful DDoS Attacks Ever
    Microsoft Azure Customer Hit by Largest 3.47 Tbps DDoS Attack
    Microsoft Azure Fends Off Huge DDoS Attack



  • (Score: 5, Insightful) by stretch611 on Wednesday October 13 2021, @01:57AM (2 children)

    by stretch611 (6199) on Wednesday October 13 2021, @01:57AM (#1186544)

    From the Article:

    At 2.4 terabits per second (Tbps), the DDoS attack Microsoft just successfully defended European Azure cloud users against could be the biggest one to date.

    Who was targeted? We don't know. Microsoft isn't talking.

    Microsoft isn't saying which was used in this case but it did mention DNS.

    While Microsoft also didn't go into detail about how it blocked the attack, the company said Azure's DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks

    For better, more comprehensive protection, Microsoft recommends you subscribe to Azure DDoS Protection Standard.

    So, other than tooting its own horn, Microsoft is not providing any details. It sounds more like marketing than a news story... We just protected against the largest ddos... but refuse to provide proof... but we can protect your website too if you buy our services and pay us for additional ddos protection.

    Of course what do I know... I'm just an IT guy that distrusts M$ so much that there is not a single microsoft product on any device in my home network. I am sure all the Pointy-haired bosses out there are salivating over this story, believing but not understanding every one of the numbers used in this "story" and will ask the IT guys why they are not using Azure yet because it is the greatest.

    --
    Now with 5 covid vaccine shots/boosters altering my DNA :P
    • (Score: 1, Informative) by Anonymous Coward on Wednesday October 13 2021, @02:54AM

      by Anonymous Coward on Wednesday October 13 2021, @02:54AM (#1186550)

      Maybe Microsoft just has a (confidential) contract with Cloudflare.

      Back in the day, when MS was still calling Linux "a cancer", if you did an OS fingerprint of www.microsoft.com (e.g., with nmap -A), it came back as running Linux. MS was (quietly) using Akamai's reverse proxies to keep their IIS boxes from falling over.

    • (Score: 0) by Anonymous Coward on Wednesday October 13 2021, @05:13AM

      by Anonymous Coward on Wednesday October 13 2021, @05:13AM (#1186588)

      But, who is going to protect them from Micro$erft??

  • (Score: 1) by shrewdsheep on Wednesday October 13 2021, @06:58AM (2 children)

    by shrewdsheep (5215) on Wednesday October 13 2021, @06:58AM (#1186599)

    This is more of a general question as no details seem to be given in this particular case. I believe that once a DDOS is detected, packets will be dropped at an entry point into the network. However, if 100k hosts from a large botnet participate, such mitigation seems difficult, at least with a standard Linux network stack. How can mitigation be distributed? Your valuable insights are appreciated.

    • (Score: 3, Interesting) by Anonymous Coward on Wednesday October 13 2021, @08:29AM

      by Anonymous Coward on Wednesday October 13 2021, @08:29AM (#1186609)

      That depends on the DDoS itself. One thing you have to keep in mind is that these providers have BIG pipes utilizing multiple physical links and different peers for the incoming traffic. The second is that the bigger the DDoS, the lower the level of the network stack where they operate or they utilize particular protocols that are prone to abuse. The third important factor is that the services providing the DDoS reflection usually don't appreciate being used that way and many will cooperate with your efforts or utilize their own protection. You can use all three of those factors to your advantage to mitigate DDoS attacks with the "how" depending on the particular attack in question.

      Suffice to say, the easiest way to handle this is to add a source null route to your RIB and use BGP to forward that to providers upstream. Or if they are using a small number of servers or a very public one, a phone call to the AS technical contact can go a long way and sometimes they even call you first. Or you can use a link-layer drop rule on similar traffic. It really depends, but the hardware that handles large attacks usually doesn't use a software stack like a Linux firewall to directly analyze each and every packet.
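
An added illustration of the source null route idea from the comment above, not code from the commenter or from any vendor: a simplified Python model in which one blackhole list is pushed to every edge router and each edge discards matching sources at its own ingress. The router names, prefixes (RFC 5737 documentation ranges) and packets are constructed; real routers do this in forwarding hardware from a BGP-learned discard route, not per packet in software.

```python
import ipaddress
from collections import Counter

class EdgeRouter:
    """Toy border router holding null routes keyed on *source* prefix."""
    def __init__(self, name):
        self.name = name
        self.null_routes = set()
        self.stats = Counter()

    def learn_blackhole(self, prefix):
        # Stands in for accepting a BGP-announced discard route (assumption:
        # the upstream honours the announcement).
        self.null_routes.add(ipaddress.ip_network(prefix))

    def forward(self, src_ip):
        src = ipaddress.ip_address(src_ip)
        if any(src in net for net in self.null_routes):
            self.stats["dropped"] += 1      # discarded at this edge
            return False
        self.stats["forwarded"] += 1        # continues towards the service
        return True

def mitigate(edges, blackholed, packets):
    """Push the blackhole list to every edge, then replay (ingress, src) packets.
    Returns the packets that still reach the protected service."""
    by_name = {e.name: e for e in edges}
    for edge in edges:
        for prefix in blackholed:
            edge.learn_blackhole(prefix)
    return [(ingress, src) for ingress, src in packets
            if by_name[ingress].forward(src)]

# Constructed sample data: documentation address ranges, hypothetical edges.
EDGES = [EdgeRouter("edge-a"), EdgeRouter("edge-b"), EdgeRouter("edge-c")]
BLACKHOLED = ["198.51.100.0/24", "203.0.113.64/26"]
PACKETS = [
    ("edge-a", "198.51.100.7"), ("edge-a", "192.0.2.10"),
    ("edge-b", "203.0.113.70"), ("edge-b", "203.0.113.5"),
    ("edge-c", "198.51.100.200"), ("edge-c", "203.0.113.100"),
]

if __name__ == "__main__":
    print("delivered:", mitigate(EDGES, BLACKHOLED, PACKETS))
    for e in EDGES:
        print(e.name, dict(e.stats))
```

Each edge drops only the traffic that entered through it, so the discard work is spread across ingress points and never converges on the protected service.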

    • (Score: 2, Funny) by Anonymous Coward on Wednesday October 13 2021, @11:30AM

      by Anonymous Coward on Wednesday October 13 2021, @11:30AM (#1186614)

      >> How can mitigation be distributed? Your valuable insights are appreciated.

      Clippy: I see you're trying to networking. Would you like to subscribe to Azure Cloud Services?

  • (Score: 4, Funny) by SomeGuy on Wednesday October 13 2021, @03:53PM (1 child)

    by SomeGuy (5632) on Wednesday October 13 2021, @03:53PM (#1186681)

    So the real news here is that UNFORTUNATELY they survived.

    Damn.
