How to thwart a Denial of Service Attack
-
March 28, 2012 5:50
Recently, my website was taken down by a Distributed Denial of Service (DDoS) attack. I was able to revive my site by moving to Azure. I've written about what I did here: http://www.gregthatcher.com/Azure/
I'm wondering if anyone else with a website on Azure has had a similar experience, and if they used any other techniques (besides startup commands that configure the firewall, etc.).
In particular, I'd appreciate any advice on how anyone has fought off a more sophisticated attack (my hacker was just using a bunch of hacked machines running ApacheBench to bring my site down.)
All replies
-
March 28, 2012 17:54
My understanding is that Windows Azure handles throttling connections for you, so if they perceive a DoS or DDoS they will throttle traffic at the hardware level before it even hits your VM.
Developer Security MVP | www.syfuhs.net
-
March 28, 2012 19:41
The traffic certainly hit my two small instances. My pages were slow (they took about 5 seconds to load during the attack), but the site stayed up (unlike DiscountASP.net, my former ISP, where the DDoS attack killed my site). The hacker was able to pull 1 TB of data from my site in a 24-hour period; fortunately, Azure bandwidth is cheap, so it only cost me about $100. After I set up the firewall on the instances to block the machines that were running ApacheWeb against my site, my traffic dropped to normal levels.
Perhaps Azure's DoS and DDoS throttling is oriented towards more sophisticated attacks? I have no idea what Azure offers for this, but Azure certainly let me fight off this attack myself.
On a related note, if someone else needs to move to Azure during one of these DDoS attacks, be sure to remove the credit card limit ($0.00) from your 3-month trial subscription. I made this mistake when the hacker sent through the 1 TB of data, and Azure suspended my account when my trial bandwidth allocation ran out. Fortunately, an awesome Azure support employee named Robert Dil re-activated my account (on a Saturday of a 3-day weekend - unbelievable!).
-
March 28, 2012 21:31
I don't think a connection is ever dropped, just throttled, which is why you had to manually block the attackers. You could probably talk to the support team and get them to put a block in at their level, but I'm not sure what kind of turnaround time there'd be.
Developer Security MVP | www.syfuhs.net
-
March 29, 2012 16:56
Moderator
Hi,
Windows Azure has some basic anti-DoS attack features. For example, if we make too many requests to the same storage partition, some of the requests will fail with a "server is busy" error. But it is up to us to protect our role instances. For example, if we use ASP.NET, we should configure the settings under httpRuntime to reasonable values. I would suggest that you check http://msdn.microsoft.com/en-us/library/e1f13641.aspx for more information.
Best Regards,
Ming Xu.
Please mark the replies as answers if they help or unmark if not.
If you have any feedback about my replies, please contact msdnmg@microsoft.com.
Microsoft One Code Framework
- Marked as answer by gregthatcher, April 2, 2012 17:43
-
March 29, 2012 17:59
Thanks Ming, that is a great link.
IMHO, these would be the best settings for a more sophisticated DDoS attack: enableHeaderChecking, executionTimeout, maxQueryStringLength, maxRequestLength, maxUrlLength
Are there any others anyone would suggest? Or, does anyone disagree with my list above?
-
April 2, 2012 10:57
Yes, your list is fine.
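
The httpRuntime attributes named in this thread can be checked mechanically before a deployment. The script below is an added example, not code from any poster in the thread: it audits a web.config for those five attributes and flags values looser than a set of ceilings. The sample web.config, the function name `audit_http_runtime` and the ceilings (set here to the .NET Framework 4 defaults) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config for this example (not taken from the thread).
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <httpRuntime enableHeaderChecking="false" executionTimeout="3600"
                 maxRequestLength="1048576" maxUrlLength="260" />
  </system.web>
</configuration>"""

# Ceilings are this example's assumption: the .NET Framework 4 defaults.
CEILINGS = {
    "executionTimeout": 110,       # seconds
    "maxRequestLength": 4096,      # kilobytes
    "maxQueryStringLength": 2048,  # characters
    "maxUrlLength": 260,           # characters
}


def audit_http_runtime(config_xml, ceilings=CEILINGS):
    """Return findings for <httpRuntime> values looser than the ceilings."""
    web = ET.fromstring(config_xml).find("system.web")
    if web is None:
        return ["no <system.web> section found"]
    runtime = web.find("httpRuntime")
    attrs = runtime.attrib if runtime is not None else {}
    findings = []

    # Header checking guards against CR/LF injection in response headers.
    if attrs.get("enableHeaderChecking", "true").lower() != "true":
        findings.append("enableHeaderChecking is disabled")

    for name, ceiling in ceilings.items():
        raw = attrs.get(name)
        if raw is None:
            continue  # attribute absent, so the framework default applies
        if not raw.strip().isdigit():
            findings.append(f"{name}={raw!r} is not a whole number")
        elif int(raw) > ceiling:
            findings.append(f"{name}={raw} exceeds ceiling {ceiling}")

    # executionTimeout is only enforced when <compilation debug="false">.
    compilation = web.find("compilation")
    if compilation is not None and compilation.get("debug", "false").lower() == "true":
        findings.append("compilation debug=true: executionTimeout is not enforced")
    return findings


if __name__ == "__main__":
    for finding in audit_http_runtime(SAMPLE_WEB_CONFIG):
        print(finding)
```

The debug check matters because a site deployed with `debug="true"` ignores executionTimeout, so long-running requests can still tie up worker threads even when the attribute is set.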

