Cybersecurity: Microsoft Azure repels a major DDoS attack

OVH is not the only cloud service to come under fire. Azure, Microsoft’s cloud branch, has just fended off, for its European users, a distributed denial of service (DDoS) attack that sent 2.4 terabits of data per second (Tb/s).

This is the largest DDoS attack against an Azure cloud customer; the previous Azure attack, which occurred in 2020, was on the order of 1 Tb/s. Microsoft stated that it was “larger than any previously detected network volumetric event in Azure”, without specifying the target of the attack.

The attack itself came from more than 70,000 sources. It was orchestrated from various countries in the Asia-Pacific region (Malaysia, Vietnam, Taiwan, Japan and China) and from the United States. The attack vector was a User Datagram Protocol (UDP) reflection attack. The attack lasted more than 10 minutes and came in bursts of very short duration. Each of these bursts reached volumes on the order of a terabit in a few seconds. In total, Microsoft saw three main peaks, the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps.

Storm of requests

As a reminder, a UDP reflection attack takes advantage of the fact that UDP is a stateless protocol. This means that attackers can create a valid UDP request packet that lists the attack target’s IP address as the UDP source IP address. It seems that the attack is reflected back and forth within the local network, hence its name. This is because the source Internet Protocol (IP) address of the UDP request packet is spoofed, that is, altered.

The UDP packet contains the spoofed source IP and the attacker sends it to an intermediate server. The server is tricked into sending its UDP response packets to the target victim’s IP instead of returning them to the attacker. The intermediary machine helps strengthen the attack by generating network traffic that is many times greater than that of the request packet, amplifying the attack traffic.

The degree of amplification depends on the attack protocol used. Common Internet protocols such as DNS, NTP, memcached, CharGen or QOTD can be turned into vectors for DDoS attacks.

Azure has resources

The worst of these is Memcached. Memcached is a high-performance, distributed, open source object caching system. It is commonly used by social networks like Facebook and its creator LiveJournal as an in-memory key-value store for small bits of arbitrary data. In that role, it is very useful. When it is abused, however, Cloudflare, the web security and performance company, has found that 15-byte requests can generate 750 KB of attack traffic, an amplification of 51,200 times!

Microsoft doesn’t say which one was used in this case, but does mention DNS. Attacks that exploit DNS can produce 28 to 54 times the initial number of bytes. Therefore, if an attacker sends a 64-byte payload to a DNS server, they can generate more than 3,400 bytes of unwanted traffic to the target of the attack.
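The traits described above (UDP responses from the named protocols, many sources, one target, short bursts) can be looked for in flow records. The following is an added example, not Microsoft's detection logic or code from the original article; the record layout, the thresholds and the sample flows are assumptions constructed for illustration, and a reflector source port alone does not prove an attack.

```python
from collections import defaultdict

# Well-known UDP ports of the protocols the article names as amplifiers.
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 11211: "memcached",
                   19: "CharGen", 17: "QOTD"}

# Constructed sample: (second, src_ip, src_port, dst_ip, proto, bytes).
# All addresses come from the reserved documentation ranges.
SAMPLE_FLOWS = [
    (0, "198.51.100.1", 53,    "203.0.113.10", "udp", 60_000),
    (0, "198.51.100.2", 53,    "203.0.113.10", "udp", 60_000),
    (0, "198.51.100.3", 11211, "203.0.113.10", "udp", 80_000),
    (1, "198.51.100.4", 123,   "203.0.113.10", "udp", 50_000),
    (1, "198.51.100.1", 53,    "203.0.113.10", "udp", 40_000),
    (0, "192.0.2.53",   53,    "203.0.113.20", "udp", 512),     # ordinary DNS answer
    (0, "192.0.2.80",   443,   "203.0.113.10", "tcp", 90_000),  # not UDP, ignored
]

def detect_reflection(flows, min_sources=3, min_bps=1_000_000):
    """Flag destinations receiving UDP *responses* (source port = reflector
    service) from many distinct sources at a high per-second rate.
    Thresholds are illustrative assumptions, not vendor values."""
    victims = defaultdict(lambda: {"sources": set(), "protocols": set(),
                                   "bytes_by_sec": defaultdict(int)})
    for second, src, sport, dst, proto, nbytes in flows:
        if proto != "udp" or sport not in REFLECTOR_PORTS:
            continue
        v = victims[dst]
        v["sources"].add(src)
        v["protocols"].add(REFLECTOR_PORTS[sport])
        v["bytes_by_sec"][second] += nbytes

    findings = {}
    for dst, v in victims.items():
        # Bursts are short, so judge by the busiest single second.
        peak_bps = max(v["bytes_by_sec"].values()) * 8
        if len(v["sources"]) >= min_sources and peak_bps >= min_bps:
            findings[dst] = {"sources": len(v["sources"]),
                             "protocols": sorted(v["protocols"]),
                             "peak_bps": peak_bps}
    return findings

if __name__ == "__main__":
    for dst, info in detect_reflection(SAMPLE_FLOWS).items():
        print(dst, info)
```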

While Microsoft also didn’t elaborate on how it blocked the attack, it does say that Azure’s DDoS protection platform, built on distributed DDoS detection and mitigation pipelines, can absorb dozens of terabits of DDoS attacks. “This aggregated and distributed mitigation capability can massively scale to absorb the largest volume of DDoS threats, giving our customers the protection they need.”

Typically, the Azure DDoS control plane logic is triggered when it detects a developing DDoS storm. “This helps to avoid the normal detection steps required for low-volume floods and to implement mitigation measures immediately. This speeds up the mitigation process and prevents collateral damage caused by attacks of this magnitude.”

Source: .com
