How to stop a Distributed Denial of Service Attack (DDoS) on Azure
Now that we have done the (hard?) work of moving the website to Azure,
stopping the Denial of Service attack is relatively easy.
We will create a simple startup script for our Web Role, and we're done.
- Create a file called "StopHacker.cmd", and put the following lines of code in:
REM Remove any earlier copy of the rule so the script can be re-run safely
netsh advfirewall firewall delete rule name="disallow Hacker IP"
REM Block all inbound traffic from the listed addresses (this must be a single line)
netsh advfirewall firewall add rule name="disallow Hacker IP" action=block enable=yes profile=any localip=any protocol=any dir=in remoteip=220.127.116.11,18.104.22.168,22.214.171.124,126.96.36.199
These commands were discussed in a previous section, How To Stop a Denial of Service Attack.
Obviously, you will want to replace the IP addresses shown above with the IP addresses of the hacked machines that you collected previously.
- Next, follow these instructions to create a Startup Task on Azure
using the script you just made.
- Deploy your website, log in to your Web Role instances with Remote Desktop, and use netstat or these other techniques to confirm that you have thwarted the attack.
- Using PowerShell, you can further modify this script to proactively detect a hacker attack and block the IPs.
(I'll post this eventually in the 'Scripts' section of this website.)
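One way the proactive step could look, as an added example (not the author's script, which is not on this page): it counts established connections per remote address and maintains a separate block rule for addresses over a limit. The rule name, ports, threshold and allow list are assumptions, and it needs Windows Server 2012 or later for the `Get-NetTCPConnection` and `*-NetFirewallRule` cmdlets.

```powershell
# Added example, not the author's script. Run elevated (e.g. as a startup or scheduled task).
$RuleName  = 'disallow Hacker IP (auto)'   # hypothetical name, kept separate from the StopHacker.cmd rule
$Ports     = 80, 443                       # assumption: ports the Web Role serves
$Threshold = 100                           # assumption: max concurrent connections per client
$AllowList = @('127.0.0.1', '::1')         # never block these; add your own proxies and monitors

function Get-NoisyRemoteIp {
    # Returns remote addresses holding more than $Threshold connections, busiest first.
    param([object[]]$Connections, [int]$Threshold, [string[]]$AllowList)
    $Connections |
        Group-Object -Property RemoteAddress |
        Where-Object { $_.Count -gt $Threshold -and $AllowList -notcontains $_.Name } |
        Sort-Object -Property Count -Descending |
        ForEach-Object { [pscustomobject]@{ RemoteAddress = $_.Name; Connections = $_.Count } }
}

# Established connections to the web ports only.
$connections = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object { $Ports -contains $_.LocalPort })
$noisy = @(Get-NoisyRemoteIp -Connections $connections -Threshold $Threshold -AllowList $AllowList)
if ($noisy.Count -eq 0) { Write-Output 'No remote address exceeds the threshold.'; return }
$noisy | Format-Table -AutoSize

# Merge with addresses already in the rule, because a blocked client no longer
# shows up in the connection table and would otherwise be unblocked on the next run.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
$blocked = @()
if ($existing) {
    $blocked = @(($existing | Get-NetFirewallAddressFilter).RemoteAddress)
}
$blocked = @(($blocked + $noisy.RemoteAddress) |
    Where-Object { $_ -and $_ -ne 'Any' } | Sort-Object -Unique)

if ($existing) {
    Set-NetFirewallRule -DisplayName $RuleName -RemoteAddress $blocked
} else {
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block `
        -Profile Any -Enabled True -RemoteAddress $blocked | Out-Null
}
Write-Output ("Blocking {0} address(es) in rule '{1}'." -f $blocked.Count, $RuleName)
```

Clients behind a shared NAT or proxy can exceed the threshold legitimately, so review the printed table and tune `$Threshold` and `$AllowList` before scheduling the script.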