8.2.3. Attack on Amazon Cloud
In October 2009, Bitbucket was subjected to a DDoS attack
- Bitbucket, a web-based code-hosting service, runs its entire site on
Amazon EC2
- Servers were down for at least 19 hours; customers had no
access to their source code
- Attack traffic: UDP and TCP SYN packets
Why did the attack succeed?
- Amazon ignored the initial complaint from the developers of Bitbucket
- Amazon insisted that its system was working properly
- At least eight hours later, Amazon accepted that the problem was
indeed with the cloud and claimed that the EC2 service was somehow
exposed to external Internet traffic
- Jesper Nøhr, owner of Bitbucket, says Amazon's system failed when
the cloud came under attack
- Basically, Amazon did not have measures to detect a large number
of UDP packets targeted to the same IP address
- If Amazon had had this measure, it could have easily prevented this
attack from happening
- While it is largely clear how the attack succeeded, it is still not
clear how the internal EC2 and EBS were exposed to external
internet traffic
- EC2 and EBS were considered secure from such attacks since they
are on the internal network between Amazon and its customers
- Rumors still circulate that it might have been one of Amazon's
EC2 customers that launched this attack, but this possibility is
unlikely
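The missing control named above, noticing a large number of UDP packets aimed at the same IP address, can be sketched as a per-destination sliding-window counter. This is an added example, not Amazon's or Bitbucket's code; the record format, the window and threshold values, and the documentation-range addresses in the constructed sample are assumptions.

```python
from collections import defaultdict, deque

def detect_udp_floods(packets, window=10.0, threshold=500):
    """Flag destinations that receive more than `threshold` UDP packets
    within any `window`-second span (both values are assumed, tune per site).

    packets: time-ordered iterable of (ts, proto, src_ip, dst_ip).
    Returns one alert dict per flood episode.
    """
    recent = defaultdict(deque)   # dst_ip -> (ts, src_ip) pairs still in window
    alerting = set()              # destinations currently above threshold
    alerts = []
    for ts, proto, src, dst in packets:
        if proto != "udp":
            continue
        q = recent[dst]
        q.append((ts, src))
        while q and q[0][0] <= ts - window:    # expire packets outside window
            q.popleft()
        if len(q) > threshold and dst not in alerting:
            alerting.add(dst)
            alerts.append({"dst": dst, "time": ts, "packets": len(q),
                           "sources": len({s for _, s in q})})
        elif len(q) <= threshold // 2:         # hysteresis: re-arm once traffic subsides
            alerting.discard(dst)
    return alerts

def sample_traffic():
    """Constructed sample: steady background traffic plus a UDP burst at one host."""
    pkts = []
    # Background: 2 packets/s per flow for 60 s (two UDP flows, one TCP flow).
    for i in range(120):
        t = i * 0.5
        pkts.append((t, "udp", "198.51.100.7", "203.0.113.20"))
        pkts.append((t, "udp", "198.51.100.8", "203.0.113.10"))
        pkts.append((t, "tcp", "198.51.100.9", "203.0.113.10"))
    # Burst: 200 UDP packets/s from 50 sources to 203.0.113.10, t = 30..40 s.
    for i in range(2000):
        pkts.append((30 + i * 0.005, "udp", f"192.0.2.{i % 50 + 1}", "203.0.113.10"))
    return sorted(pkts, key=lambda p: p[0])

if __name__ == "__main__":
    for alert in detect_udp_floods(sample_traffic()):
        print(alert)
```

The distinct-source count in each alert helps separate a single noisy sender from a distributed flood, which matters when choosing which filter to apply.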
Amazon issued the following statement:
“ ... one of our customers reported a problem with their Amazon Elastic Block Store (EBS). This issue was limited to this customer’s single Amazon EBS volume ... While the customer perceived this issue to be slowness of their EBS volume ... but rather that the customer’s Amazon EC2 instance was receiving a very large amount of network traffic ... we worked with the customer ... to help mitigate the unwanted traffic they were receiving ... apply network filtering techniques which have kept their site functioning properly ... continue to improve the speed with which we diagnose issues like this... use features like Elastic Load Balancing and Auto-Scaling to architect their services to better handle this sort of issue ...”
To make the system less vulnerable, Amazon provided:
- Transparency
- Network traffic information to the customer
- Elastic Load Balancing
- Distribute instance across zones and regions
- Technical support for attack detection
- Improved Customer Support
- Amazon failed to properly diagnose the issue
- Amazon did not trust the customer
- Improved detection systems
For customers, it is better to have diversity in servers:
- Relying on a specific cloud provider is dangerous
- A second provider accelerates website recovery time after a DDoS
attack
- Spreading resources between providers prevents a complete system
failure
The project "Cloud Computing – new technologies in the teaching offer of Politechnika Wrocławska" (UDA.POKL.04.03.00-00-135/12) is carried out under the Human Capital Operational Programme, Priority IV: Higher Education and Science, Measure 4.3: Strengthening the teaching potential of universities in key areas in the context of the Europe 2020 Strategy objectives, co-financed by the European Social Fund and the State budget.