
Does the Azure Network Security Group (NSG) stateful firewall block all (UDP and TCP) reflection DDoS Attacks?

Based on my testing, the Azure Network Security Group (NSG) stateful firewall blocks all (UDP and TCP) reflection DDoS Attacks? I did my test by programmatically just creating an NSG incoming TCP port 80,443 allow rule. Is that all I need to do? (I think the answer is yes).

BTW, here is an example of a reflection DDoS Attack. Client 1, part of a botnet, spoofs its source IP address to be that of the victim. Client 1 then sends this crafted malicious packet to an innocent 3rd party, which is, for example, running a UDP port 53 DNS server. The 3rd party server replies, but the reply goes to the victim server (since the source IP address was spoofed).

You don't even need Azure Firewall to block reflection attacks, provided you have the Standard level of DDoS protection enabled on the VNet your resources are connected to, in your example the DNS server.

https://docs.microsoft.com/en-us/azure/virtual-network/ddos-protection-overview
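
A simplified model of the stateful filtering discussed in this thread, added here as an example; it is not code from the question, the answer, or Azure, and it does not reproduce how an NSG is implemented. It applies the inbound TCP 80/443 allow rule from the question to constructed packets (all addresses and ports are made up) to show why an unsolicited DNS reply matches neither a tracked flow nor a rule.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class StatefulFilter:
    """Toy flow-tracking filter (assumed model): rules match protocol and destination port only."""

    def __init__(self, inbound_allow):
        self.inbound_allow = set(inbound_allow)  # {(proto, dst_port)}
        self.flows = set()                       # flows opened from the inside

    def outbound(self, pkt):
        # Remember the remote endpoint and local endpoint so the reply can be matched.
        self.flows.add((pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port))

    def inbound(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key in self.flows:
            return "allow: reply to tracked flow"
        if (pkt.proto, pkt.dst_port) in self.inbound_allow:
            return "allow: inbound rule"
        return "deny: no flow, no rule"

def demo():
    vm = "10.0.0.4"  # constructed private address of the protected VM
    fw = StatefulFilter({("tcp", 80), ("tcp", 443)})  # the rule from the question
    out = {}
    # Reflected reply: the VM never queried this resolver, so no flow exists.
    out["reflected_dns"] = fw.inbound(Packet("udp", "198.51.100.53", 53, vm, 40000))
    # Solicited reply: the VM sent a query first, so the reply matches the flow.
    fw.outbound(Packet("udp", vm, 40001, "203.0.113.53", 53))
    out["solicited_dns"] = fw.inbound(Packet("udp", "203.0.113.53", 53, vm, 40001))
    # Same resolver, different local port: the 5-tuple differs, so no match.
    out["wrong_port_dns"] = fw.inbound(Packet("udp", "203.0.113.53", 53, vm, 40002))
    # New connection to a published port: admitted by the rule, not by state.
    out["https_client"] = fw.inbound(Packet("tcp", "192.0.2.10", 51000, vm, 443))
    return out

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16} {verdict}")
```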
