8.2.3. Attack on Amazon Cloud

Facts 1/2

In October 2009, Bitbucket was subjected to a DDoS attack

  • Bitbucket, a web-based code-hosting service, runs its entire site on Amazon EC2
  • Servers were down for at least 19 hours; customers had no access to their source code
  • Attack traffic: UDP and TCP SYN packets

Why did the attack succeed?

  • Amazon ignored the initial complaint from the developers of Bitbucket
  • Amazon insisted that their system was working properly
  • At least eight hours later, Amazon accepted that the problem was indeed with the cloud and claimed that the EC2 service was somehow exposed to external Internet traffic
  • Jesper Nøhr, owner of Bitbucket, says Amazon's system failed when the cloud came under attack
  • Basically, Amazon had no measure in place to detect a large number of UDP packets targeted at the same IP address
  • If Amazon had had this measure, it could easily have prevented this attack from happening
  • While it is largely clear how the attack succeeded, it is still not clear how the internal EC2 and EBS were exposed to external Internet traffic
  • EC2 and EBS were considered secure from such attacks since they are on the internal network between Amazon and its customers
  • Rumors persist that one of Amazon's EC2 customers might have launched this attack, but this possibility is unlikely
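
The missing measure named above, counting UDP packets aimed at a single IP address, can be sketched as a sliding-window counter over flow records. This is an added example, not Amazon's or Bitbucket's code; the flow-record layout, the 10-second window, the 50,000-packet threshold and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def detect_udp_floods(flows, window_s=10, pkt_threshold=50_000):
    """Alert once per destination IP whose UDP packet count inside any
    sliding window of `window_s` seconds reaches `pkt_threshold`.

    flows: (ts_seconds, proto, src_ip, dst_ip, packets) tuples sorted by
    timestamp (a hypothetical flow-record layout).
    """
    recent = defaultdict(deque)   # dst_ip -> (ts, src_ip, packets) in window
    totals = defaultdict(int)     # dst_ip -> packets currently in window
    alerts = {}                   # dst_ip -> alert (first crossing only)
    for ts, proto, src, dst, pkts in flows:
        if proto != "udp":
            continue
        q = recent[dst]
        q.append((ts, src, pkts))
        totals[dst] += pkts
        # Expire records that have fallen out of the window (ts - window_s, ts].
        while q and q[0][0] <= ts - window_s:
            totals[dst] -= q.popleft()[2]
        if totals[dst] >= pkt_threshold and dst not in alerts:
            alerts[dst] = {
                "dst_ip": dst,
                "first_seen": q[0][0],
                "detected_at": ts,
                "packets_in_window": totals[dst],
                "distinct_sources": len({s for _, s, _ in q}),
            }
    return list(alerts.values())


def constructed_sample():
    """Constructed flow records using documentation-range IPs (RFC 5737)."""
    flows = []
    # Baseline: light UDP to one host, TCP to the host that is later flooded.
    for t in range(0, 30):
        flows.append((t, "udp", "198.51.100.7", "203.0.113.20", 40))
        flows.append((t, "tcp", "198.51.100.8", "203.0.113.10", 900))
    # Flood: 20 sources, 1,000 UDP packets per second each, one target address.
    for t in range(12, 30):
        for i in range(20):
            flows.append((t, "udp", f"192.0.2.{i + 1}", "203.0.113.10", 1000))
    return sorted(flows, key=lambda f: f[0])


if __name__ == "__main__":
    for alert in detect_udp_floods(constructed_sample()):
        print(alert)
```

Because the count is kept per destination rather than per source, the alert fires even when the traffic is spread over many senders, which is the pattern the bullet describes.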

Amazon issued the following statement

“ ... one of our customers reported a problem with their Amazon Elastic Block Store (EBS). This issue was limited to this customer’s single Amazon EBS volume ... While the customer perceived this issue to be slowness of their EBS volume ... but rather that the customer’s Amazon EC2 instance was receiving a very large amount of network traffic ... we worked with the customer ... to help mitigate the unwanted traffic they were receiving ... apply network filtering techniques which have kept their site functioning properly ... continue to improve the speed with which we diagnose issues like this ... use features like Elastic Load Balancing and Auto-Scaling to architect their services to better handle this sort of issue ...”

Lessons learned 2/2

To make the system less vulnerable, Amazon provided

  • Transparency
    • Network traffic information to the customer
    • Elastic Load Balancing
    • Distribution of instances across zones and regions
    • Technical support for attack detection
  • Improved Customer Support
    • Amazon failed to properly diagnose the issue
    • Amazon didn't trust the customer
  • Improved detection systems

For customers, it is better to have diversity in servers

  • Relying on a specific cloud provider is dangerous
  • A second provider accelerates website recovery after a DDoS attack
  • Spreading resources between providers prevents a complete system failure




The project Cloud Computing – new technologies in the teaching offer of Politechnika Wrocławska (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV. Higher education and science, Measure 4.3. Strengthening the teaching potential of universities in key areas in the context of the objectives of the Europe 2020 Strategy, co-financed by the European Social Fund and the state budget