Microsoft says Azure fended off what might just be the world's biggest-ever DDoS attack Microsoft claims its Azure cloud has fended off the largest DDOS attack it's detected, which clocked in at 2.4Tbit/sec. The software giant has disclosed the attack, which Azure networking senior program manager Amir Dahan wrote was detected in late August. "The attack traffic originated from approximately 70,000 sources and …
Azure, AWS, Akamai and Cloudflare are all claiming the 'biggest DDOS' crown - a bit like superyachts - is it length, is it displacement, is it internal volume?
Regardless of whose is the biggest - these are all serious and likely to only get worse. Makes it very clear that CPE based DDOS protection for on prem or dedicated data centre infrastructure would never be able to fend off a volumetric attack (but may clearly still be very relevant to application layer DDOS mitigation). Volumetric DDOS mitigation requires a network and collaborative mitigation strategy.
"a network and collaborative mitigation strategy"
Nope... regulation and BCP38 but as long as DDOS attacks are a source of revenue and carriers, ISP, IXP and all in between claim that BCP38 is too costly/complex or any other nonsense...
https://www.internetsociety.org/blog/2014/07/anti-spoofing-bcp-38-and-the-tragedy-of-the-commons/
This is all well and good, and kudos to all involved etc.
Now all Microsoft have left to sort out is their own Azure / Office 365 DDoS activities, which typically go something like:
1) You noticed something's broke...we're on it.
2) Yeah, it's broke...investigating.
3) Um, yeah, we just applied a patch / update and we're rolling it back.
4) Aren't we great, we fixed it!
5) ??
6) Rinse, repeat.
7) Still profit.
For the thumbs-downers (downer!), you must like this stuff then:
Microsoft 365 Status
@MSFT365Status
Oct 7
We've determined that a recent update contained a misconfiguration for PSTN requests. We're reverting the update to remediate impact. More information is available under TM289868 in the admin center.
Jun 11
We've isolated a recent change that has caused portions of infrastructure to send some Microsoft Teams calls straight to voicemail. We're preparing to rollback the change. More details will be provided under TM261472 in the admin center.
Jun 10
We reverted a recent update that caused this issue and have validated that service has been restored. Additional information can be found in the admin center under TM261228.
May 26
We're reverting a change that has caused inbound email to be incorrectly routed to the junk folder. Additional information can be found in the admin center under EX258373.
For the thumbs-downers (downer!), you must like this stuff then:
...
It's not relevant here, your message didn't bring anything new to the conversation about the DDoS attack - we all know Microsoft and all other cloud peddlers fail from time to time.
How would you feel if Linux/Apple/(whatever your fancy) were reported to have done something positive - comparable to this fending off 2Tb/s DDoS attack - and an Anonymous Coward comes only up with something like "yeah, but how about them 140 Linux kernel vulnerabilities in 2021 and counting!! What a bunch of nincompoop coders!
Sure, bashing Micros~1 in every article is going to get you upvotes from haters, because...Microsoft. I can only hope that these forums don't degenerate into more vicious state than they already are.
Fair - I can say with near (handwavy) certainty what operating system that wound up directly involved in mitigating this was not, if bashing MS is fair game! (from a traffic management perspective, when I say directly. Not the traffic management management workstations!)
I'd pay to watch this happening on RRAS or "Internet connection sharing" though.
I don't see anything in this chain as vicious personally, and cloud services going down is a big deal, and rightfully people are annoyed when it happens. It's the big sell of going managed cloud. It's about Azure, so they get the flak here. They can repel malicious outsiders but don't always succeed at testing internally as the previous posters timeline shows.
Only the attacker's system(s) need to evade source filtering.
At the other 70,000 locations, their ISPs will happily pass incoming traffic with source address X and destination address Y (inside the network), and pass outgoing traffic with source address Y (inside the network) and destination address X. They can't tell that X is spoofed.
... Who pays?
This is the thing that terrifies me about cloud. Is the targetted party in this, rather than a few minutes of downtime going to get landed with a 30 petabyte data transfer bill instead?
Not a single page timeout, unfortunately your personal CV page blog with a single visitor owes use £360,000 for the month and counting.
(yes I'm genuinely this ignorant, but believe it's transfer out that counts? But I wouldn't want to bet my house on it). I'll take the DoS, please.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
