Microsoft Azure customer hit by largest 3.47 Tbps DDoS attack:
A Microsoft Azure cloud computing customer in Asia was a victim of a massive 3.47 Tbps DDoS attack (distributed denial of service attack) in November 2021, the software and technology giant Microsoft revealed on January 25, 2022.
The DDoS attack lasted approximately 15 minutes and included a botnet of more than 10,000 compromised IoT (Internet of Things) devices from countries across the globe. These included Iran, India, China, Russia, Taiwan, Vietnam, Thailand, Indonesia, South Korea, and the United States.
Attack vectors were UDP reflection on port 80 using Simple Service Discovery Protocol (SSDP), Connection-less Lightweight Directory Access Protocol (CLDAP), Domain Name System (DNS), and Network Time Protocol (NTP) comprising one single peak.
Alethea Toh, Product Manager, Azure Networking
Microsoft's report further disclosed that there has been a surge in DDoS attacks, with the United States and India being prime targets. The company noted that Hong Kong has also become a popular hotspot for attackers; however, there has been a decrease in DDoS activity in Europe.
[...] A DDoS attack involves sending a huge amount of illegal traffic from compromised machines to the intended target and therefore disrupting them completely. The system can crash and lead to a massive loss of data, particularly, in the case of companies that host a significant amount of information regarding their clients and customers.
(Score: 4, Insightful) by Username on Saturday January 29 2022, @02:04PM (8 children)
> illegal traffic
There is no such thing. If sending a lot of packets is illegal, then spam should be illegal as well. Everyone driving to Lambeau Field for a Packer game should be illegal.
> system can crash and lead to a massive loss of data
If I send a packet to your server and it crashes, not my fault, you shouldn't be accepting packets. If I send you a letter, and your mailbox falls down, not my fault either. Get a better mailbox.
(Score: 2, Funny) by Anonymous Coward on Saturday January 29 2022, @02:44PM (2 children)
Please post your server IP so we can direct our ddos there. I'm sure you won't care, since you are immune?
(Score: 4, Funny) by Booga1 on Saturday January 29 2022, @03:31PM (1 child)
My IP is 127.0.0.1. Come at me bro. Let's see what you've got!
(Score: 4, Funny) by Anonymous Coward on Saturday January 29 2022, @07:22PM
Hey! I have the same IP for my luggage journal!!
Signed,
Totally banned aristarchus
(No, seriously, can't post from 127.0.0.1, either! )
(Score: 3, Touché) by EvilSS on Saturday January 29 2022, @08:22PM (1 child)
(Score: 2) by darkfeline on Sunday January 30 2022, @10:19AM
Just because something is legal doesn't mean someone would be willing to do it to prove it is legal. Walking in a sketchy neighborhood at night is legal, but I wouldn't do it.
Join the SDF Public Access UNIX System today!
(Score: 2, Disagree) by PiMuNu on Saturday January 29 2022, @08:52PM
UK law:
https://www.nationalcrimeagency.gov.uk/?view=article&id=243:ddos-attacks-are-illegal&catid=2 [nationalcrimeagency.gov.uk]
(Score: 2) by VLM on Saturday January 29 2022, @10:32PM
It's an "English language is shitty" problem not a legal problem. Or it's illegal as in violating a protocol specs not illegal as in jaywalking or smoking a joint.
So this example isn't a UDP reflection attack, but the spirit of the attack is imagine I sent a packet to soylent news requesting the web page at sn.org/siaflnfbvawtfwtfwtfsdfasdhsgdfg.html and imagine SN is one of those places with the cute animated 404 error message page that takes up 50 megs of bandwidth because their 404 page has dancing animated toasters on it, and I falsify my source address as actually being you, and the SN server responds back to you (not me) with a 50 meg 404 error message page. For laughs I tried a URL at SN and it's a modestly large 404 page; but you can't do UDP reflection attacks on TCP port 80 anyway.
The actual way you do a reflection attack using NTP is you send a packet to "some" ntp servers that (in a speculative sense) I'm using an authentication algo that's literally not even defined in the spec and their server flips their shit upon seeing such a weird authentication spec and sends an enormous 1000 byte response back along the lines of "WTF that auth protocol doesn't exist dumbass go away" although in computer language not English, and for the LOLz I put your address in as the source instead of my actual address.
So (making this up for the Lolz, but in spirit I'm correct) my packet is illegal as in the ntp protocol specification says legal ntp packets all have one of the defined authentication schemes identified by a number 0 to 35 currently defined as of 2022 but I sent one identified with the number 36 manually set to some poor bastard, and their server flipped out and spammed you back an enormous error message because auth scheme #36 doesn't exist as of 2022. And my ntp ping was like 20 bytes and their error message was 2000 bytes so I amplified my attack on you by a factor of 100 by sending "illegal" packets to an innocent bystander.
If you think about it using a shitty soylent news automobile analogy, it's like doing a DDOS on your postal mailbox by sending a shitton of fake screwed up magazine subscriptions to Car and Driver magazine and totally Fing up the subscription request except for including your postal address, so Car and Driver keeps sending you endless form letters along the lines of "OK dude, you should know that legal credit card numbers are not negative integers nor floats so please try to re-subscribe". So they're illegal in the sense of the credit card spec says legal credit card numbers are 16 digits or whatever, not negative forty two and a half or some nonsense like that.
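An added example, not part of the original thread or of Microsoft's report: a defender-side sketch that groups inbound UDP flows by the four reflection vectors named in the story (matched on their well-known source ports) and computes the amplification ratio using the 20-byte and 2000-byte figures from the comment above. The flow records, documentation-range addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Well-known UDP service ports of the four protocols named in the story.
REFLECTION_PORTS = {1900: "SSDP", 389: "CLDAP", 53: "DNS", 123: "NTP"}

# Constructed flow records: (src_ip, src_port, dst_ip, dst_port, proto, bytes).
# All addresses come from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = [
    ("198.51.100.10", 123, "203.0.113.5", 80, "udp", 2000),
    ("198.51.100.11", 123, "203.0.113.5", 80, "udp", 2000),
    ("198.51.100.12", 1900, "203.0.113.5", 80, "udp", 1500),
    ("198.51.100.13", 389, "203.0.113.5", 80, "udp", 3000),
    ("198.51.100.14", 53, "203.0.113.5", 80, "udp", 4000),
    ("198.51.100.14", 53, "203.0.113.5", 80, "udp", 4000),
    ("192.0.2.77", 51515, "203.0.113.5", 443, "tcp", 900),  # ordinary client
    ("192.0.2.78", 40000, "203.0.113.5", 80, "udp", 100),   # UDP, not a reflector port
]

def amplification_factor(request_bytes, response_bytes):
    """Bytes delivered to the victim per byte the spoofing sender spent."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes

def summarize_reflection(flows, victim_ip):
    """Map vector name -> (total bytes, distinct reflector count) for victim_ip."""
    stats = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for src_ip, src_port, dst_ip, _dst_port, proto, nbytes in flows:
        if dst_ip != victim_ip or proto != "udp":
            continue
        vector = REFLECTION_PORTS.get(src_port)
        if vector is None:
            continue  # UDP, but not from a known reflection service port
        stats[vector]["bytes"] += nbytes
        stats[vector]["reflectors"].add(src_ip)
    return {v: (s["bytes"], len(s["reflectors"])) for v, s in stats.items()}

def reflected_share(flows, victim_ip):
    """Fraction of all inbound bytes to victim_ip that match a reflection vector."""
    total = sum(f[5] for f in flows if f[2] == victim_ip)
    reflected = sum(b for b, _ in summarize_reflection(flows, victim_ip).values())
    return reflected / total if total else 0.0

if __name__ == "__main__":
    victim = "203.0.113.5"
    for vector, (nbytes, n) in sorted(summarize_reflection(SAMPLE_FLOWS, victim).items()):
        print(f"{vector}: {nbytes} bytes from {n} reflector(s)")
    print(f"reflected share: {reflected_share(SAMPLE_FLOWS, victim):.2%}")
    print("amplification (20 -> 2000 bytes):", amplification_factor(20, 2000))
```

Source-port matching is a heuristic: a host that sends its own DNS or NTP queries receives legitimate replies from the same ports, so it is usually combined with volume and reflector-count thresholds.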
(Score: 1) by Sabriel on Monday January 31 2022, @12:02PM
> There is no such thing. If sending a lot of packets is illegal, then spam should be illegal as well. Everyone driving to Lambeau Field for a Packer game should be illegal.
Sending a lot of packets can be legal or illegal much like shooting a lot of bullets can be, it depends on the circumstances, but maybe you can explain why you plugging little Timmy full of holes weren't illegal to the judge better than I can. I don't think "coz he said he liked the Packers" is gonna cut it.
> If I send a packet to your server and it crashes, not my fault, you shouldn't be accepting packets. If I send you a letter, and your mailbox falls down, not my fault either. Get a better mailbox.
Did you miss that that paragraph was providing a simpler explanation for less IT savvy folks, or did you just accidentally delete your empathy this morning? Whether one calls it a "crash" or describes it properly, for some weird reason I got a little hunch most systems wouldn't just no-sell a DDoS like that.
(Score: 0) by Anonymous Coward on Saturday January 29 2022, @02:50PM (7 children)
Anyone want to run the numbers on what the Carbon output is on an attack like this?
(Score: 0, Informative) by Anonymous Coward on Saturday January 29 2022, @03:37PM
If it takes down Microsoft, it's worth every megaton.
(Score: 4, Insightful) by crafoo on Saturday January 29 2022, @04:28PM (5 children)
Carbon Credits is communism packaged in a way that modern cattle find emotionally pleasing. So, the carbon cost necessarily depends 100% on the ideology and the intentions of the attacker. If it's in the name of progressivism and communism, it is 0: i.e. a progressive will say it is 100% worth it and no cost is too great.
Carbon Credits are nothing more than a top-down way to direct an economy based on ideology and politics, not on the best, most practical, most efficient way to allocate scarce resources among everyone.
(Score: 5, Insightful) by mcgrew on Saturday January 29 2022, @06:02PM (2 children)
Carbon credits aren't about "communism packaged in a way that modern cattle find emotionally pleasing", it's a way to get the people who are putting the most carbon in the air to put less in. Carbon is warming the planet and causing climate change. How can anybody on S/N be so ignorant? Are you lost, little one?
Carbon credits are like cigarette taxes: They want you to stop smoking, and they (and I) want us to stop burning fossil fuels. Some of us aren't money worshiping assholes and actually care what kind of a hell hole we leave behind after we die.
Carbon, The only element in the known universe to ever gain sentience
(Score: 1, Troll) by Username on Saturday January 29 2022, @06:19PM (1 child)
Says the dude using a device made with hydrocarbons, sending signals over wires that are coated with hydrocarbons, and breathing out CO2. Why do you hate the environment? Shouldn't you be in a commune somewhere, weaving clothes out of hemp?
(Score: 4, Touché) by Anonymous Coward on Saturday January 29 2022, @11:10PM
Nothing is perfect so we shouldn't do anything.
(Score: -1, Flamebait) by Anonymous Coward on Saturday January 29 2022, @06:03PM
"Russia did it."
-- Every China-owned Jewish lawmaker profiting from Uyghur slave labor
(Score: 1, Informative) by shrewdsheep on Saturday January 29 2022, @06:11PM
Quite to the contrary: it is about giving a price to a good that was not priced before. This is precisely the (neo-)liberal approach to achieve "the best, most practical, most efficient way to allocate scarce resources among everyone".
The point of contention might be how high the price should be.
(Score: 0) by Anonymous Coward on Saturday January 29 2022, @04:11PM
It was a reverse "This is windows calling" support ticket.
(Score: 2, Insightful) by Gaaark on Saturday January 29 2022, @09:34PM (3 children)
Customer uses Microsoft product, gets fucked and stops using Microsoft product... yeah. HEY LOOK! A TALKING RABBIT!
Really. Why is this news? We all know that using Microsoft products sets you up for failure, and yet idiots still use it.
I guess it's the Cheshire Sheep strategy? Keep smiling while you take it up the spreadsheet...
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Funny) by Anonymous Coward on Saturday January 29 2022, @10:02PM
show me on this doll where the clippy bot touched you sonny.
(Score: 2, Interesting) by Anonymous Coward on Saturday January 29 2022, @10:42PM (1 child)
How was that customer set up for failure? Azure was able to mitigate the DDoS. This is a success story for Microsoft, not one where someone "gets fucked" or "set up."
(Score: 0) by Anonymous Coward on Sunday January 30 2022, @03:06PM
i think m$ defines "successful mitigation of a ddos attack" when it didn't start ww3 :P