question

Lyrica-5786 avatar image
0 Votes"
Lyrica-5786 asked GitaraniSharmaMSFT-4262 commented

Ddos protection

I set up ob Ubuntu server a “hosted server” and was using ssl certificates, and someone had found out IP address of machine and started a ddosing by botnet
What I can do about that?

azure-ddos-protection
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Lyrica-5786 ,

You may want to take a look into the security best practices for IaaS workloads in Azure to protect your VMs against DDOS attacks:
https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas
https://docs.microsoft.com/en-us/azure/ddos-protection/fundamental-best-practices
https://docs.microsoft.com/en-us/azure/virtual-machines/security-recommendations#networking

Azure provides continuous protection against DDoS attacks. This protection is integrated into the Azure platform by default and at no extra cost.

In addition to the core DDoS protection in the platform, Azure DDoS Protection Standard provides advanced DDoS mitigation capabilities against network attacks. It's automatically tuned to protect your specific Azure resources. Protection is simple to enable during the creation of new virtual networks. It can also be done after creation and requires no application or resource changes but it is a charged service.
If you wish to learn more about DDOS Protection Standard, please refer : https://docs.microsoft.com/en-us/azure/ddos-protection/ddos-protection-overview

Thanks,
Gita

0 Votes 0 ·

1 Answer

SaiKishor-MSFT avatar image
0 Votes"
SaiKishor-MSFT answered

@Lyrica-5786 Thank you for reaching out to Microsoft Q&A. We sincerely apologize for the delay in response to your issue.

I understand that you are seeing a Ddos attack to your Ubuntu server. Azure provides a few options for this situation:

Azure Ddos protection standard, combined with application design best practices, provides enhanced DDoS mitigation features to defend against DDoS attacks. However, please note that currently Azure DDOS service does not allow you to manually block specific IP addresses. For that, you can use Azure Firewall which uses threat intelligence-based filtering so you can protect your virtual network by denying traffic from/to known malicious IP addresses and domains. It might also help if you can go through this Network Security baseline documentation and determine if additional security measures are required or missing.

Here are some reference architecture for Ddos protection. Hope this helps.
Please let us know if you have any further questions and we will be glad to assist you further. Thank you!

Remember:

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.

Want a reminder to come back and check responses? Here is how to subscribe to a notification.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.