Distributed Denial of Service (DDoS) attacks are constantly growing and creating ever more problems. Microsoft is way ahead of other companies in defending a European Azure cloud user against what is supposed to be the biggest attack to date, at 2.4 terabytes per second.
We know from certain analysis that this is the biggest DDoS attack on an Azure cloud customer ever. Microsoft reported that this was higher than any network volumetric event previously detected on Azure.
The reasons for choosing this target are still unknown, as Microsoft has not revealed anything yet.
The attack came from over 70,000 sources and originated mainly in Asia-Pacific countries such as Malaysia, Taiwan, Japan and China, and in the United States.
The attackers used the UDP protocol to carry out this attack. It came in very short-lived bursts and lasted for over 11 to 12 minutes. Each burst ramped up to terabytes within seconds. Overall, there were three main peaks that Microsoft encountered: the first at 2.4 terabytes, the second, lower than the first, at 0.55 terabytes, and the third, which went high again, at 1.7 terabytes per second.
The attackers misused UDP because it is a stateless protocol. The attacker may have created a valid UDP request packet listing the target's IP address as the UDP server IP address. The attack appeared to be reflected back and forth within the local network. The attacker exploited the UDP packet by injecting a falsified IP address and then sending it to the middleman server. The server was compromised, and it sent the infected response packet to the targeted victim IP rather than back to the attacker. The middleman machine generated traffic several times larger than the request packet and hence strengthened the attack.
The volume and lethality of the attack depend on the protocol being abused. Such protocols include CharGen, Memcached, NTP and DNS, and they can all be turned into attack dogs with some effort. Memcached is an open-source, high-performance system commonly used by social networks like Facebook. It is very useful until it is abused.
Microsoft did not clearly mention the main causes of the attack. However, they did mention DNS. Attacks exploiting DNS use requests of up to 54 bytes. This means that if an attacker sends a 54-byte request to a DNS server, it can cause over 3,400 bytes of unwanted traffic to be sent to the target being attacked.
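The reflection pattern described above can be spotted from the defender's side in flow records. The following is an added example, not code from Microsoft or the original article: it flags hosts receiving unsolicited UDP responses from the service ports of the protocols named above. The record field names, thresholds and sample flows are assumptions constructed for illustration, with records assumed to be collected at the victim network's edge.

```python
from collections import defaultdict

# UDP services the article names as abusable, keyed by well-known port.
REFLECTOR_PORTS = {19: "CharGen", 53: "DNS", 123: "NTP", 11211: "Memcached"}

def find_reflection_victims(flows, min_sources=3, min_bytes=10_000):
    """Return {(victim_ip, service): (reflector_count, total_bytes)}.

    Thresholds are assumptions for this example; tune them to a baseline.
    """
    # Requests really sent from inside: (client, server, service port).
    requested = {(f["src"], f["dst"], f["dport"]) for f in flows
                 if f["proto"] == "udp" and f["dport"] in REFLECTOR_PORTS}
    sources = defaultdict(set)   # (victim, service) -> reflector IPs
    volume = defaultdict(int)    # (victim, service) -> bytes received
    for f in flows:
        # Reflected traffic is a UDP *response*: source port = service port.
        if f["proto"] != "udp" or f["sport"] not in REFLECTOR_PORTS:
            continue
        if (f["dst"], f["src"], f["sport"]) in requested:
            continue  # solicited reply, the host asked for it
        key = (f["dst"], REFLECTOR_PORTS[f["sport"]])
        sources[key].add(f["src"])
        volume[key] += f["bytes"]
    return {k: (len(sources[k]), volume[k]) for k in sources
            if len(sources[k]) >= min_sources and volume[k] >= min_bytes}

def flow(src, sport, dst, dport, nbytes, proto="udp"):
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "bytes": nbytes}

# Constructed sample records (documentation address ranges, not real data).
SAMPLE_FLOWS = [
    # Five resolvers answering queries that 203.0.113.10 never sent.
    *[flow(f"198.51.100.{i}", 53, "203.0.113.10", 40000 + i, 3400)
      for i in range(1, 6)],
    # A legitimate lookup and its reply: solicited, so not counted.
    flow("203.0.113.20", 51000, "192.0.2.53", 53, 54),
    flow("192.0.2.53", 53, "203.0.113.20", 51000, 120),
    # One stray NTP response: below both thresholds.
    flow("198.51.100.77", 123, "203.0.113.30", 42000, 468),
    # TCP from port 53 (e.g. a zone transfer) is ignored.
    flow("192.0.2.53", 53, "203.0.113.10", 43000, 50000, proto="tcp"),
]

if __name__ == "__main__":
    for (victim, service), (n, total) in find_reflection_victims(SAMPLE_FLOWS).items():
        print(f"{victim}: {total} bytes of unsolicited {service} replies from {n} sources")
```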
Although Microsoft didn’t reveal the defensive mechanism they used to block the attack, they mentioned that Azure’s DDoS protection platform helps in absorbing 10 terabits of DDoS attacks. They said that this huge achievement can tackle attacks at a massive scale and absorb the highest volume of threats, providing the desired protection to customers.
The procedure builds on the normal detection steps needed for lower-volume attacks so that mitigation kicks in instantaneously. It also ensures the fastest time to cope with attacks and to recover the system immediately after an attack occurs.
Some basic protection is also provided for all Azure users. For a better and smoother experience, Microsoft recommends that all users subscribe to the protection standards. Besides blocking attacks, it also helps with cost protection.