locked
Connection refused during cloud service smoke test RRS feed

  • Question

  • Hello,

    I'm getting intermittent connection refused errors from my cloud service when running a smoke test (~500 requests over ~3 minutes) from a single machine against a fresh cloud service deployment. General usage appears to be fine, it's only when running the test suite that I start seeing issues. I suspect that I'm bumping up against DOS prevention mechanisms, is there any way to verify that?

    I've tried scaling the size and number of instances up with no effect and the test runs fine against a single machine on the local network, so I don't think my application is being flooded. The application I'm running is a very basic web application (the current version effectively serves static data) that I'm using as an example to script out autodeployment to Azure. I want to be able to run a test suite against my application deployed to a staging environment (or alternate cloud service) as a verification step before it is deployed to production via an automated process.

    Thanks for your help,

           ~Peter

    Tuesday, May 7, 2013 8:57 PM

Answers

  • Hi,

    Denial of Service Attacks and Windows Azure

    If you will be generating a large number of requests from external resources, you may be considering the security impact of such requests. You may be worried that Windows Azure will see the requests as a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. A DoS or DDoS attack floods servers with requests that can severely degrade their performance, or cause the failures at the server or application level. Indeed, Windows Azure detects such attacks and is handled at the infrastructure or platform level. If you generate a large number of requests for your application, Windows Azure will not detect them as Dos attacks. DoS attacks usually involve malformed requests that specify incorrect source IP addresses, or whose source never acknowledges the packets for such requests. Because the load on your application will be from legitimate requests, Windows Azure will not filter such requests.

    http://blog.aditi.com/cloud/top-5-tips-to-block-a-dos-attack/

    http://msdn.microsoft.com/en-us/library/windowsazure/hh674491.aspx

    Thanks,


    QinDian Tang
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, May 8, 2013 6:34 AM
  • 500 requests over a period of 3 minutes is NOT large enough to trigger DOS prevention mechanisms.  The issue lies somewhere else.

    We've had a client who spun up 4 machines that were putting massive load on its test site (via Visual Studio's load test tools) - 1200 requests per second each and everything held together wonderfully.  


    Auto-scaling & monitoring service for Windows Azure applications at http://www.paraleap.com

    Thursday, May 9, 2013 4:22 AM

All replies

  • Hi,

    Denial of Service Attacks and Windows Azure

    If you will be generating a large number of requests from external resources, you may be considering the security impact of such requests. You may be worried that Windows Azure will see the requests as a Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack. A DoS or DDoS attack floods servers with requests that can severely degrade their performance, or cause the failures at the server or application level. Indeed, Windows Azure detects such attacks and is handled at the infrastructure or platform level. If you generate a large number of requests for your application, Windows Azure will not detect them as Dos attacks. DoS attacks usually involve malformed requests that specify incorrect source IP addresses, or whose source never acknowledges the packets for such requests. Because the load on your application will be from legitimate requests, Windows Azure will not filter such requests.

    http://blog.aditi.com/cloud/top-5-tips-to-block-a-dos-attack/

    http://msdn.microsoft.com/en-us/library/windowsazure/hh674491.aspx

    Thanks,


    QinDian Tang
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, May 8, 2013 6:34 AM
  • 500 requests over a period of 3 minutes is NOT large enough to trigger DOS prevention mechanisms.  The issue lies somewhere else.

    We've had a client who spun up 4 machines that were putting massive load on its test site (via Visual Studio's load test tools) - 1200 requests per second each and everything held together wonderfully.  


    Auto-scaling & monitoring service for Windows Azure applications at http://www.paraleap.com

    Thursday, May 9, 2013 4:22 AM
  • Your hh675591 link is dead. Got an updated link?

    Healy in Tampa


    Joe Healy, Tampa, FL

    Sunday, August 16, 2015 1:44 PM