Can confirm the impact appears total for the Azure portal; Microsoft sells DDoS protection as part of Front Door and other Azure services. Do they not use it themselves?
> Microsoft sells DDoS protection as part of Front Door
They got in via a Back Door.
A lot of places sell DDoS protection. Most of it only ever cover the basics. With the size of botnets, hacked computers, etc that are easily and cheaply available for rent - a lot of so called DDoS protection services can't compete.
You really need to dig deep into what they mean by DDoS protection.
What layers are covered? What type of services are covered?
Also e.g. when they mention they cover volumetric attacks, it's often marketing more than the real deal.
E.g. a provider sells $x of total protection (that number means across all PoPs, so usually $x / 30 or less). It can still go down if you focus all your attacks on a few PoPs that matter.
We see the same thing. One of my team is sailing around in the portal, even opening new tabs and it all is just working.
But I can't create a new session, even when remoted into an Azure-hosted VM. All our servers and services seem to be running fine; it just seems to be the portal.azure.com website that is impacted.
Probably because the actual portal service call happens at new page load.
Metric pages and everything else are data plane/control plane info most likely, which is coming from other services.
An easy way to validate this would be using fidler or similar to analyze the traffic that happens in the loaded page.
i wonder how much traffic it would take to DDoS Azure's Web UI. You're talking about like 1,000,000+ orchestrated/coordinated silently hijacked machines all... what? curl'ing in a loop some API of theirs?
[+] [-] error9348|2 years ago|reply
[+] [-] tatersolid|2 years ago|reply
[+] [-] re-thc|2 years ago|reply
They got in via a Back Door.
A lot of places sell DDoS protection. Most of it only ever cover the basics. With the size of botnets, hacked computers, etc that are easily and cheaply available for rent - a lot of so called DDoS protection services can't compete.
You really need to dig deep into what they mean by DDoS protection.
What layers are covered? What type of services are covered?
Also e.g. when they mention they cover volumetric attacks, it's often marketing more than the real deal.
E.g. a provider sells $x of total protection (that number means across all PoPs, so usually $x / 30 or less). It can still go down if you focus all your attacks on a few PoPs that matter.
[+] [-] nullindividual|2 years ago|reply
[+] [-] donutshop|2 years ago|reply
[+] [-] jakedata|2 years ago|reply
[+] [-] AtNightWeCode|2 years ago|reply
[+] [-] NicoJuicy|2 years ago|reply
[+] [-] ojintoad|2 years ago|reply
[+] [-] tatersolid|2 years ago|reply
But I can't create a new session, even when remoted into an Azure-hosted VM. All our servers and services seem to be running fine; it just seems to be the portal.azure.com website that is impacted.
[+] [-] Izikiel43|2 years ago|reply
An easy way to validate this would be using fidler or similar to analyze the traffic that happens in the loaded page.
[+] [-] mynameisvlad|2 years ago|reply
[+] [-] AtNightWeCode|2 years ago|reply
[+] [-] MuffinFlavored|2 years ago|reply
[+] [-] soco|2 years ago|reply