
Microsoft Says It Mitigated a 2.4 Tbps DDoS Attack, the Largest Ever (therecord.media)

Microsoft said its Azure cloud service mitigated a 2.4 terabytes per second (Tbps) distributed denial of service attack this year, at the end of August, representing the largest DDoS attack recorded to date. From a report: Amir Dahan, Senior Program Manager for Azure Networking, said the attack was carried out using a botnet of approximately 70,000 bots primarily located across the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as the United States. Dahan identified the target of the attack only as "an Azure customer in Europe."

The Microsoft exec said the record-breaking DDoS attack came in three short waves, in the span of ten minutes, with the first at 2.4 Tbps, the second at 0.55 Tbps, and the third at 1.7 Tbps. Dahan said Microsoft successfully mitigated the attack without Azure going down. Prior to Microsoft's disclosure today, the previous DDoS record was held by a 2.3 Tbps attack that Amazon's AWS division mitigated in February 2020.

  • by XanC ( 644172 ) on Tuesday October 12, 2021 @11:13AM (#61883945)

    The abbreviations all indicate this was a 2.4 teraBIT attack, but the words say teraBYTE. Probably bits is correct.

  • not the same as far as I know... by a factor of 8

  • Centralized (Score:2, Interesting)

    This is exactly why the internet has to be centralized, and why you can't realistically host whatever content you want without the blessing of some large tech company.

    Thanks, hacktivists.

    • by ceoyoyo ( 59147 )

      I'm not sure why you'd take a DDOS, people *accessing* centralized servers, as evidence that people shouldn't be allowed to host whatever they want.

      • I think he was being sarcastic.
      • The point is that the days of setting up your own hardware and hosting your own stuff with just an ISP connection, or even a colo, are gone, and it's thanks to DDoS. Your only realistic option of putting any content on the internet involves you doing business with a very large tech company, of which there are very few.

  • by Flownez ( 589611 ) on Tuesday October 12, 2021 @11:19AM (#61883975)
    "He's shown a great aptitude for headlines, although he keeps trying to fire the mail guy"
  • I took a whooping from 2.4 teradicks. Suck it Trebek.

    It's funny how a discussion about addressing large scale network attacks gets so off-railed it becomes about bragging rights.

  • by NFN_NLN ( 633283 ) on Tuesday October 12, 2021 @11:24AM (#61883991)

    This is why we need to limit end user bandwidth for security.

    64.0Mbps should be enough for anyone. - Bill Gates

    • This is why we don't need to limit end user bandwidth for security.

      If both Microsoft and Amazon can mitigate 2+ Tbps DDoS attacks, then there's obviously a market with providers for people who need it.

      Cloudflare and Akamai have also mitigated 1+ Tbps attacks, so they're probably a third & fourth option, for those who don't want a full cloud environment like Azure or ACS.

    • I think you missed the first D in DDOS. Split up among 70,000 bots, it really only needed about 4Mbps per endpoint.

  • by LordHighExecutioner ( 4245243 ) on Tuesday October 12, 2021 @11:29AM (#61884003)
    ...xkcd quote [xkcd.com].
  • attack considering it was most likely a bunch of rooted Windows computers, penetrated using security flaws in Microsoft products and services.
    • it was most likely a bunch of rooted Windows computers, penetrated using security flaws in Microsoft products and services.

      Considering the majority of bots were in Asia it is most likely these machines were using stolen software and not getting patched in the first place.
    • by btroy ( 4122663 )
      Per prior article it is compromised routers. A brand called MikroTik.
  • How does modern DDoS mitigation actually work nowadays? With consumers often having 100Mbit (or even Gigabit) internet connections, the asymmetry between home connections and server uplinks is not as big as it was anymore?
    Is there anything one can do against DDoS apart from fancy CDN schemes?
    • by IdanceNmyCar ( 7335658 ) on Tuesday October 12, 2021 @02:31PM (#61884685)

      No. CDNs/load balancers handle this. That's why the other poster mentioned how this forces centralization...

      Without knowing that target though we can hardly know the reason, but we can guess potentially politically-motivated...

      The gist of the lesson is if you want to say something politically antagonizing about another country, either host with the big guys or keep it offline...kind of shitty but this is the modern internet.

      • kind of shitty but this is the modern internet

        Is it more or less shitty than a world where simply having a link posted on a story on Slashdot was able to DoS your site? I guess in the past we simply gave it a cute name like Slashdotting.

        The reality is the risk was always there to get nuked from orbit. We just now have a mitigation strategy that unfortunately relies on large cloud services. But it's hardly shitty or even worse than the internet of old.

        • Everything has trade-offs. You can still get DDoS'd in this manner but I think it's less likely to happen on slashdot simply because the sources being posted from and likely less users. This does still happen on reddit. Either way, I think this kind of thing is a "small inconvenience" and for heterogeneity, it's perhaps an acceptable outcome.

          • Either way, I think this kind of thing is a "small inconvenience" and for heterogeneity, it's perhaps an acceptable outcome.

            For whom? I noticed my website was down recently. Apparently nginx crashed and sat in a failed state for the past 4 months. The same could not be said if Azure AD went down, or the CoronaCheck server which in my country would prevent people from getting the QR codes issued for travel (and was the target of a large DDoS attack on the day it went live).

            The internet is more important now, and as such having some big hitters out there to ensure services can weather a DoS attack is far more than a "small inconven

    • CDNs came into existence when companies realized they could not out-scale DDoS without incurring significant expenses. In terms of both people/payroll and equipment.

      The CDN eats that massive infrastructure cost once and then keeps thousands of smaller sites online. Individual IT shops cannot leverage economies of scale; CDNs can, which essentially makes them inevitable in a free market.

      Technically, any company could do the CDN's work by itself... it just costs 100X what the CDN charges if you want to run it

  • Tbps usually means bits/second -- the article write-up here inconsistently uses TB(ytes) as equivalent to Tb(its). How do we translate TBps to bits? Do we use a non-metric unit of 2^3 (8), if so does the TB imply 2**40*8 bits/sec or 10**4*8bits/s? Mixing Bytes with power-of-10 prefixes is poor usage.
