Microsoft claims its Azure cloud has fended off the largest DDoS attack it’s detected, which clocked in at 2.4Tbit/sec.
The software giant has disclosed the attack, which Azure networking senior program manager Amir Dahan wrote was detected in late August.
“The attack traffic originated from approximately 70,000 sources and from multiple countries in the Asia-Pacific region, such as Malaysia, Vietnam, Taiwan, Japan, and China, as well as from the United States,” Dahan wrote.
The attackers used UDP reflection, a technique that sees an attacker send packets-a-plenty to an intermediate server – the “reflector”. That name is earned because the attacker’s packets identify the target machine’s IP address as the source of the traffic. The intermediate server therefore sends responses to the target machine. Those responses can be larger than the incoming messages from the attacker.
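Seen from the target's side, reflected traffic consists of UDP responses to requests the target never sent. The following sketch is an added example, not code from Microsoft or from this article; it flags that pattern in flow records. The protected prefix, time window, thresholds and flow records are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

PROTECTED = ip_network("203.0.113.0/24")   # assumed: the defended prefix (documentation range)
WINDOW = 5.0                               # assumed: seconds a reply may trail its request

# Constructed UDP flow records: (time, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.0, "203.0.113.10", 40000, "198.51.100.53", 53, 60),    # genuine request
    (0.1, "198.51.100.53", 53, "203.0.113.10", 40000, 120),   # its reply: solicited
    (1.0, "192.0.2.1", 53, "203.0.113.20", 31337, 3000),      # never requested
    (1.0, "192.0.2.2", 53, "203.0.113.20", 4444, 3000),
    (1.1, "192.0.2.3", 53, "203.0.113.20", 5555, 3000),
    (9.0, "198.51.100.53", 53, "203.0.113.10", 40000, 120),   # reply outside the window
]

def unsolicited_by_target(flows, protected=PROTECTED, window=WINDOW):
    """Return {target_ip: (distinct_sources, bytes)} for replies nobody asked for."""
    requests = {}                      # (local, lport, remote, rport) -> time of last request
    sources = defaultdict(set)
    volume = defaultdict(int)
    for ts, src, sport, dst, dport, size in sorted(flows):
        if ip_address(src) in protected:           # outbound: remember the request
            requests[(src, sport, dst, dport)] = ts
        elif ip_address(dst) in protected:         # inbound: was it asked for?
            asked = requests.get((dst, dport, src, sport))
            if asked is None or ts - asked > window:
                sources[dst].add(src)
                volume[dst] += size
    return {t: (len(sources[t]), volume[t]) for t in sources}

def reflection_targets(flows, min_sources=3, min_bytes=5000):
    """Targets whose unsolicited inbound UDP comes from many sources at volume."""
    return sorted(t for t, (n, b) in unsolicited_by_target(flows).items()
                  if n >= min_sources and b >= min_bytes)

if __name__ == "__main__":
    print(unsolicited_by_target(FLOWS))
    print(reflection_targets(FLOWS))
```

A single late reply shows up as unsolicited but stays below the source and volume thresholds, so only the host receiving many unrequested responses is flagged.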
Dahan wrote that the attacker used “UDP reflection spanning more than ten minutes with very short-lived bursts, each ramping up in seconds to terabit volumes. In total, we monitored three main peaks, the first at 2.4Tbit/sec, the second at 0.55Tbit/sec, and the third at 1.7Tbit/sec.”
Azure’s mighty DDoS-reflection powers saw off the attack, so whoever was behind it didn’t deny service for the “Azure customer in Europe” that Microsoft says was the target of the attack. Sadly, Microsoft hasn’t named the region targeted, so we’re none the wiser about which Azure infrastructure has proven its resilience – should that be something you value.
Microsoft’s post does, however, claim the attack is the largest it has seen. It may also be the largest anywhere.
In May 2020 AWS claimed it fended off a 2.3Tbit/sec attack, although Akamai claimed the attack it fended off in June of the same year involved more packets – 809 million per second of the blighters at the peak of the attack.
Cloudflare has staked its own claim to the crown, after recording 17.2 million requests per second in an August 2021 attack.
Microsoft hasn’t shared any insights into the source of the attack, nor the attackers’ motivations other than disrupting service. ®