DDoS Protection
Overview
A distributed denial of service attack occurs when an attacker overwhelms a target with a flood of traffic, rendering the target unable to respond to legitimate requests. DDoS attacks can be difficult to mitigate because the attacker can use many different IP addresses to send traffic to the target. This makes it difficult to block the attacker’s traffic without also blocking legitimate traffic.
Types of DDoS Attacks
- Volumetric Attacks: These attacks flood the target with a large amount of traffic, overwhelming the target’s network capacity.
- Protocol Attacks: These attacks exploit vulnerabilities in network protocols to consume the target’s resources.
- Application Layer Attacks: These attacks target the application layer of the target, consuming resources such as CPU and memory.
Azure DDoS Protection provides protection against volumetric and protocol attacks. To protect against application layer attacks, you can use a Web Application Firewall (WAF).
Azure DDoS Protection
- Service Tiers
  - IP Protection: This tier offers a pricing model in which you pay per protected public IP address.
  - Network Protection: This tier offers protection for an entire virtual network and all public IP addresses that are associated with resources in the vNet.
- DDoS Network Protection provides additional features that are not available with IP Protection:
  - DDoS Rapid Response Support - Gives you access to a team of DDoS response specialists who can help you mitigate an attack.
  - Cost Protection - Provides Azure credits back to you if a successful DDoS attack results in extra costs due to infrastructure scale-out.
  - WAF Discount - Offers a pricing discount for Azure WAF.
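The coverage rules above can be turned into a quick audit of which public IP addresses are protected by which tier and where an application layer gap remains. This is an added example, not Azure tooling or code from the original page; the inventory records, their field names and all resource names are constructed for illustration and are not an Azure API schema.

```python
from dataclasses import dataclass
from typing import Optional

# Features the page lists as available only with Network Protection.
NETWORK_ONLY = ("DDoS Rapid Response", "Cost Protection", "WAF discount")

@dataclass
class PublicIP:              # hypothetical, simplified inventory record
    name: str
    vnet: Optional[str]      # vNet of the resource this address is associated with
    ip_protection: bool      # IP Protection tier enabled on this address
    serves_web: bool         # address fronts a web application
    behind_waf: bool         # a WAF sits in front of that application

def audit(ips, protected_vnets):
    """Return {ip name: (tier, findings)} using the tier rules described above."""
    report = {}
    for ip in ips:
        findings = []
        if ip.vnet in protected_vnets:
            # Network Protection covers every public IP tied to the vNet.
            tier = "network"
        elif ip.ip_protection:
            tier = "ip"
            findings.append("not available on this tier: " + ", ".join(NETWORK_ONLY))
        else:
            tier = "none"
            findings.append("no volumetric/protocol attack protection")
        # DDoS Protection does not cover application layer attacks; that needs a WAF.
        if ip.serves_web and not ip.behind_waf:
            findings.append("application layer not covered: no WAF")
        report[ip.name] = (tier, findings)
    return report

# Constructed sample inventory.
PROTECTED_VNETS = {"vnet-prod"}
INVENTORY = [
    PublicIP("pip-gateway", "vnet-prod", False, True, True),
    PublicIP("pip-api", "vnet-prod", False, True, False),
    PublicIP("pip-partner", "vnet-dev", True, False, False),
    PublicIP("pip-legacy", None, False, True, False),
]

if __name__ == "__main__":
    for name, (tier, findings) in audit(INVENTORY, PROTECTED_VNETS).items():
        print(f"{name}: tier={tier}; " + ("; ".join(findings) or "ok"))
```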