Posted on October 24, 2019 at 5:55 AM
Yesterday evening, there was a continuous DDoS attack on AWS. The attacked was a lengthy one, as it lasted for close to eight hours. It is not the first time it is happening, and there are growing concerns about this sort of attack on the AWS.
A DDoS attack is generally a malicious attack, in which the initiators try to make a targeted system or network unreachable to the concerned end-users. Attackers make use of different methods to keep the network busy and unavailable to the users.
The Route 53 DNS web offering was the major recipient of the attack, but it knocked down other services within the network as well. The incident has already raised a lot of concerns regarding the operation of the “Shield Advance,” the DDoS mitigation service.
The attack also disrupted other platforms
The DDoS attack also affected the cloud platform of Google (GCP). Although Google did not state that the problem with its GCP is related to the malicious attack, it posted the news on its site, stating the issues with customers.
According to the company, customers are having issues with Google Cloud Storage, Cloud Bigtable, Google Kubernetes Engine, Cloud Memorystore, and Google Compute Engine. Customers are having these issues simultaneously, the report stated.
The hit on AWS disrupted the activities of customers as they are struggling to gain access to the AWS S3 service. A lot of these AWS services depend largely on external DNS series, such as electric load (ELB) and Relational Database Service (RDS).
In particular, there is a bigger impact of the attack on the United State’s East Coast.
However, AWS pointed out that the effect of the attack is on a low level, as it only affects only a few DNS names. AWS users who are on Reddit complained that they could not reach Aurora clusters, as many have pointed out that the cloud service has not been available to customers for more than seven hours.
Afterward, AWS sent an email to customers, telling them the DDos is responsible for those attacks. The register reported this and told them it is currently inspecting the reports of DNS resolution errors.
According to the report, the DDoS mitigations are currently taking in most of the traffic. However, some customers are experiencing prolonged difficulty as a result of these mitigations. It further mentioned that it is considering creating additional mitigations and trying to resolve the main reason for the attack to cut it off.
In Amazon’s case, the Shield Advanced DDoS has almost resolved the attack, but some genuine customer queries are still flagged off as malicious. What this means is that the customers could not connect to the platform.
AWS alone is very large, not minding its equally voluminous traffic. So, when such attacks occur, it usually has a big effect on the platform and customers. With the attack, AWS is thinking of carrying out a deep analysis to fish out the major issue, which will prevent future attacks.
As the only AWS with 100% uptime SLA, Route 53 is service quiet a large number of customers. It is not surprising that this type of attack on AWS has already gone viral.
Resolving the issue
Some customers are resolving the issue. They do this by reviewing the configuration of clients who are accessing S3. Before making a request, the customers need to specify the actual area where their bucked is.