
posted by martyb on Wednesday October 13 2021, @12:32AM   Printer-friendly

Microsoft Azure fends off huge DDoS Attack:

Distributed Denial of Service (DDoS) attacks are happening ever more often and growing ever bigger. At 2.4 terabits per second (Tbps), the DDoS attack Microsoft just successfully defended European Azure cloud users against could be the biggest one to date.

What we know for certain is it's the biggest DDoS attack on an Azure cloud customer. It was bigger than the previous high, 2020's Azure 1 Tbps attack, and Microsoft reported it was "higher than any network volumetric event previously detected on Azure."

[...] Microsoft isn't saying which was used in this case but it did mention DNS. Attacks exploiting DNS can produce 28 to 54 times the original number of bytes. So, if an attacker sends a request payload of 64 bytes to a DNS server, they can generate over 3,400 bytes of unwanted traffic to an attack target.

While Microsoft also didn't go into detail about how it blocked the attack, the company said Azure's DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb tens of terabits of DDoS attacks: "This aggregated, distributed mitigation capacity can massively scale to absorb the highest volume of DDoS threats, providing our customers the protection they need."

  • (Score: 3, Interesting) by Anonymous Coward on Wednesday October 13 2021, @08:29AM (#1186609)

    That depends on the DDoS itself. One thing you have to keep in mind is that these providers have BIG pipes utilizing multiple physical links and different peers for the incoming traffic. The second is that the bigger the DDoS, the lower the level of the network stack where they operate, or they utilize particular protocols that are prone to abuse. The third important factor is that the services providing the DDoS reflection usually don't appreciate being used that way, and many will cooperate with your efforts or utilize their own protection. You can use all three of those factors to your advantage to mitigate DDoS attacks, with the "how" depending on the particular attack in question.

    Suffice it to say, the easiest way to handle this is to add a source null route to your RIB and use BGP to forward that to providers upstream. Or, if they are using a small number of servers or a very public one, a phone call to the AS technical contact can go a long way, and sometimes they even call you first. Or you can use a link-layer drop rule on similar traffic. It really depends, but the hardware that handles large attacks usually doesn't use a software stack like a Linux firewall to directly analyze each and every packet.

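The two technical points on this page, the 28x to 54x amplification that the story attributes to DNS reflection and the source null route (RTBH via BGP) that the comment suggests as the quickest mitigation, can be tied together in a small detection script. The following is an added example written for this page; it is not code from Microsoft, ZDNet or the commenter. It assumes flow records that have already been summarised to one line per flow (`src dst proto sport dport packets bytes`, a constructed format), and the sample records, addresses and thresholds are constructed for illustration. It flags hosts receiving large UDP/53 answers they never asked for, computes the per-reflector amplification factor the way the story does (answer bytes divided by query bytes), and lists the reflector host routes an operator would review before announcing a source-based blackhole.

```python
"""Spot DNS-reflection traffic in summarised flow records and list RTBH candidates.

Added illustration for this page, not code from the article or the comment.
Record format (constructed): src dst proto sport dport packets bytes
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: three reflectors answering 203.0.113.5 with 3,400-byte
# responses, one ordinary DNS answer, the victim's only real query, and
# unrelated TCP traffic that must not be flagged.
SAMPLE_FLOWS = """\
198.51.100.10 203.0.113.5 udp 53 33211 1200 4080000
198.51.100.11 203.0.113.5 udp 53 33211 1200 4080000
198.51.100.12 203.0.113.5 udp 53 33211 1100 3740000
192.0.2.77 203.0.113.5 udp 53 41511 10 1500
203.0.113.5 198.51.100.10 udp 33211 53 1200 76800
192.0.2.20 203.0.113.9 tcp 443 51022 300 120000
"""


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    packets: int
    nbytes: int

    @property
    def avg_packet_size(self) -> float:
        return self.nbytes / self.packets if self.packets else 0.0


def parse_flows(text: str) -> list[Flow]:
    """Parse the one-line-per-flow format above; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, sport, dport, pkts, nbytes = line.split()
        ip_address(src), ip_address(dst)  # reject garbage before it reaches a route table
        flows.append(Flow(src, dst, proto, int(sport), int(dport), int(pkts), int(nbytes)))
    return flows


def amplification_factor(request_bytes: int, response_bytes: int):
    """Bytes returned per byte sent; the story's 64-byte query -> 3,400-byte answer is ~53x.
    None means no query was seen from that host, which is what a spoofed source looks like."""
    if request_bytes <= 0:
        return None
    return response_bytes / request_bytes


def find_reflection_victims(flows, min_avg_packet=1000, min_total_bytes=1_000_000):
    """Return {victim: {total_bytes, packets, reflectors: {reflector: factor}}}.

    A flow counts as a suspicious DNS answer when it is UDP from port 53 and its
    average packet size is far above a normal response; victims are kept only
    when the aggregate volume crosses min_total_bytes (thresholds are constructed)."""
    queries = defaultdict(int)  # (client, server) -> bytes of real queries seen
    for f in flows:
        if f.proto == "udp" and f.dport == 53:
            queries[(f.src, f.dst)] += f.nbytes

    victims: dict[str, dict] = {}
    for f in flows:
        if f.proto != "udp" or f.sport != 53 or f.avg_packet_size < min_avg_packet:
            continue
        v = victims.setdefault(f.dst, {"total_bytes": 0, "packets": 0, "reflectors": {}})
        v["total_bytes"] += f.nbytes
        v["packets"] += f.packets
        v["reflectors"][f.src] = amplification_factor(queries.get((f.dst, f.src), 0), f.nbytes)
    return {dst: v for dst, v in victims.items() if v["total_bytes"] >= min_total_bytes}


def rtbh_candidates(victims) -> list[str]:
    """Host routes for the reflector sources, the prefixes a source-based null
    route would carry. Blackholing a reflector also drops its legitimate answers,
    so this is a review list for the operator, not an automatic announcement."""
    return sorted(f"{src}/32" for v in victims.values() for src in v["reflectors"])


if __name__ == "__main__":
    found = find_reflection_victims(parse_flows(SAMPLE_FLOWS))
    for victim, info in found.items():
        print(f"{victim}: {info['total_bytes']} bytes in {info['packets']} packets")
        for reflector, factor in info["reflectors"].items():
            print(f"  {reflector}: amplification {factor if factor else 'n/a (no query seen)'}")
    print("RTBH review list:", rtbh_candidates(found))
```

Run it as-is to see the victim, its three reflectors and the amplification of 53.125 for the one reflector the victim genuinely queried; the other two show no query at all, which is the signature of spoofed-source reflection rather than a chatty resolver. Thresholds and address blocks are placeholders to be replaced with an operator's own baselines.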