DDOS IP scrubbing considerations

  • Question

  • Hi there,

    We are using Neustar DNS DDOS protection on top of our Azure infrastructure, and they recommend that customers configure their network to allow for (ACL white list) traffic to and from the following subnets (SiteProtect scrubbing center IPs).

        • 156.154.160.0/24
        • 156.154.161.0/24
        • 156.154.162.0/24
        • 156.154.163.0/24

    Is that something that we need you to consider? Do we need to warn you before we trigger the use of this tool?

    Please advise.

    Kind regards,

    Guillaume

    Thursday, December 15, 2016 9:42 AM

All replies

  • Hello,

    Thank you for posting on the Azure forums!

    Azure has an inbuilt DNS DDOS protection mechanism that should provide a reliable DDOS protection. Please refer to Microsoft cloud services and network security for details. However, we do not have any such restrictions on using a third party tool if you deem it to be safe and want to utilize it in your infrastructure protection.

    What are the subnets you are referring to? Are these Azure IPs or on-premises IP addresses? Either way, we do not restrict anything as such.

    Let me know if you have additional questions.

    Regards,

    Loydon


    • Proposed as answer by Loydon Mendonca Thursday, December 15, 2016 4:23 PM
    Thursday, December 15, 2016 3:42 PM
  • Many thanks Loydon, makes sense.

    The IPs are the ones used by the DDOS protection company; I guess they fear that some hosting companies might block their software when they activate their DDOS protection.

    Regards,

    Guillaume


    Thursday, December 15, 2016 3:51 PM
  • Hello,

    I would suggest you get in touch with your Enterprise representative or your technical account manager to discuss the possibilities here. It might appear that if a single IP is trying to access the same service on Azure several times, Azure might as well block it. This would have to be looked at on the infrastructure level, and so the best option here is to take some sound advice by having someone look at your configuration thoroughly.

    Regards,

    Loydon

    Thursday, December 15, 2016 4:23 PM
  • Hi Loydon,

    We do not have a technical account manager. Presumably, we need to pay for support to get one?

    Regards,

    Guillaume

    Thursday, December 15, 2016 5:54 PM
  • Hello,

    You can check the support options in Azure support plans and choose the one suitable to your needs.

    Hope this helps.

    Regards,

    Loydon

    Friday, December 16, 2016 9:42 AM
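
The question concerns an ACL allow list for the four scrubbing-center subnets. The following is an added example, not part of the thread and not Neustar or Azure code: it checks a priority-ordered, first-match rule set and reports any part of those subnets that still ends up denied, for instance because an earlier deny shadows the allow. The `(priority, action, cidr)` rule model, the default-deny assumption and the sample rules are constructed for illustration.

```python
import ipaddress

# Scrubbing-center subnets quoted in the question above.
SCRUBBING = [ipaddress.ip_network(n) for n in (
    "156.154.160.0/24", "156.154.161.0/24",
    "156.154.162.0/24", "156.154.163.0/24")]

def intersect(net, other):
    """CIDR blocks never partially overlap: the result is the smaller block."""
    if not net.overlaps(other):
        return None
    return net if net.subnet_of(other) else other

def subtract(net, other):
    """Parts of `net` that `other` does not cover."""
    if not net.overlaps(other):
        return [net]
    if net.subnet_of(other):
        return []
    return list(net.address_exclude(other))  # `other` lies strictly inside `net`

def blocked_ranges(rules, required=SCRUBBING):
    """First-match evaluation of (priority, action, cidr); unmatched = denied."""
    # Lowest priority number is evaluated first (assumed rule model).
    ordered = [(a, ipaddress.ip_network(c)) for _, a, c in sorted(rules)]
    report = {}
    for subnet in required:
        remaining, denied = [subnet], []
        for action, src in ordered:
            unmatched = []
            for part in remaining:
                hit = intersect(part, src)
                if hit is not None and action == "deny":
                    denied.append(hit)
                unmatched.extend(subtract(part, src))
            remaining = unmatched
        denied.extend(remaining)  # fell through every rule
        report[str(subnet)] = [str(n) for n in ipaddress.collapse_addresses(denied)]
    return report

# Constructed rule set: an older, narrower deny shadows part of the allow.
SAMPLE_RULES = [
    (100, "deny", "156.154.162.128/25"),
    (200, "allow", "156.154.160.0/22"),   # the four /24s aggregate to this /22
    (4096, "deny", "0.0.0.0/0"),
]

if __name__ == "__main__":
    for subnet, gaps in blocked_ranges(SAMPLE_RULES).items():
        print(subnet, "OK" if not gaps else "blocked: " + ", ".join(gaps))
```

Run the same check once per direction, since the vendor's recommendation covers traffic both to and from these subnets.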