How to stop a Distributed Denial of Service Attack (DDoS) on Azure


Now that we have done the (hard?) work of moving the website to Azure, stopping the Denial of Service attack is relatively easy. We will create a simple startup script for our Web Role, and we're done.

  1. Create a file called "StopHacker.cmd", and put the following lines of code in:
    rem Remove any earlier copy of the rule so the script can be re-run
    netsh advfirewall firewall delete rule name="disallow Hacker IP"
    rem Block all inbound traffic from the listed remote IPs (keep this on one line)
    netsh advfirewall firewall add rule name="disallow Hacker IP" action=block enable=yes profile=any localip=any protocol=any dir=in remoteip=,,,
    These commands were discussed in a previous section, How To Stop a Denial of Service Attack. Obviously, you will want to replace the IP addresses shown above with the IP addresses of the hacked machines that you collected previously.

  2. Next, follow these instructions to create a Startup Task on Azure using the script you just made.

  3. Deploy your website, log in to your Web Role instances with Remote Desktop, and use netstat or these other techniques to confirm that you have thwarted the attack.

  4. Using PowerShell, you can further modify this script to proactively detect a hacker attack and block the IPs (I'll post this eventually in the 'Scripts' section of this website.)
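
One way to do the detection that step 4 describes, as an added example that is not the author's script: it counts connections per remote IP from netstat output and adds a netsh block rule for each address at or above a threshold. The port, threshold, rule-name prefix and the -Apply and -Demo switches are assumptions.

```powershell
# Added example, not from the original page. Port, threshold and the rule-name
# prefix are assumptions; tune them to your site. Blocking needs an elevated shell.
param(
    [int]$Port = 80,                 # assumed: port the Web Role serves
    [int]$Threshold = 100,           # assumed: connections per IP treated as abusive
    [string]$RulePrefix = 'disallow-Hacker-IP-auto',   # hypothetical rule-name prefix
    [switch]$Apply,                  # without -Apply the script only reports
    [switch]$Demo                    # use the constructed sample instead of live netstat
)

# Count non-listening IPv4 TCP connections to $Port, grouped by remote address.
function Get-RemoteIpCounts {
    param([string[]]$NetstatLines, [int]$Port)
    $counts = @{}
    $row = '^\s*TCP\s+[\d.]+:(\d+)\s+([\d.]+):\d+\s+(\S+)'
    foreach ($line in $NetstatLines) {
        if ($line -notmatch $row) { continue }
        if ([int]$Matches[1] -ne $Port -or $Matches[3] -eq 'LISTENING') { continue }
        $counts[$Matches[2]] = 1 + [int]$counts[$Matches[2]]
    }
    $counts
}

if ($Demo) {
    # Constructed sample rows (documentation addresses), not real traffic.
    $lines = @('  TCP    10.0.0.4:80    0.0.0.0:0    LISTENING') +
             @(1..150 | ForEach-Object { "  TCP    10.0.0.4:80    203.0.113.7:$(40000 + $_)    ESTABLISHED" }) +
             @('  TCP    10.0.0.4:80    198.51.100.9:51515    TIME_WAIT')
} else {
    $lines = netstat -an -p tcp
}

$offenders = @((Get-RemoteIpCounts -NetstatLines $lines -Port $Port).GetEnumerator() |
    Where-Object { $_.Value -ge $Threshold } | Sort-Object Value -Descending)
$offenders | ForEach-Object { '{0,-15} {1} connections' -f $_.Key, $_.Value }

if ($Apply -and -not $Demo) {
    foreach ($o in $offenders) {
        $ip = $o.Key
        $name = "$RulePrefix-$ip"
        # One rule per address, so earlier blocks survive later runs.
        netsh advfirewall firewall show rule name=$name | Out-Null
        if ($LASTEXITCODE -ne 0) {
            netsh advfirewall firewall add rule name=$name action=block enable=yes profile=any localip=any protocol=any dir=in remoteip=$ip
        }
    }
}
```

Run it with -Demo first to see the report on the constructed rows. Addresses shared by many users (NAT gateways, proxies) can cross the threshold legitimately, so review the list before using -Apply.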



Problems, Comments, Suggestions? Click here to contact Greg Thatcher


Copyright (c) 2013 Thatcher Development Software, LLC. All rights reserved. No claim to original U.S. Gov't works.