DDoS attack rains down on Amazon cloud - Tech & Computer Forums

10-05-2009, 03:11 PM   #1
Osiris

Updated Web-based code hosting service Bitbucket experienced more than 19 hours of downtime over the weekend after an apparent DDoS attack on the sky-high compute infrastructure it rents from Amazon.com.
This in turn left many developers without access to code projects hosted on Bitbucket, a GitHub-like service based on the Mercurial version control system.


"Looks like all (my and a large number of fellow nerds) bitbucket projects have evaporated in a temporary, cloudy way. This is a major ****off," said one Reg reader and Bitbucket user, as others vented via Twitter.

But on another level, the news is sure to fuel fears over the security of Amazon's Elastic Compute Cloud (EC2) and similar "infrastructure clouds," online services that provide grid-like access to scalable processing, storage, and networking resources.
"The lesson here is: 'Don't bet the farm on a single cloud provider,'" says Craig Balding, founder of cloudsecurity.org and a security practitioner at a Fortune 500 company. "It's common sense really. But people get lulled into thinking their site is always going to be available [when they host with a single provider]."
According to a blog post from Jesper Nøhr, the Danish developer who runs Bitbucket.org, the site's Amazon-hosted network storage became "virtually unavailable" beginning Friday evening, and the outage persisted well into Saturday before Amazon pinpointed the problem.
Nøhr says Amazon advised him not to divulge the cause of the outage. But he divulged anyway. "We were attacked. Bigtime. We had a massive flood of UDP [User Datagram Protocol] packets coming in to our IP, basically eating away all bandwidth to the box," he wrote. "So, basically a massive-scale DDOS. That's nice."
Speaking with The Reg, Nøhr said that Amazon urged him not to reveal the attack because it might help attackers develop new ways of DDoSing the site.
After uncovering the problem - at least 16 hours after it was first reported - Amazon blocked the offending traffic, and service returned to normal. But by the next morning (Sunday), the problem returned, and another two hours passed before this second outage was reversed. According to Nøhr, Amazon told him the second attack used a flood of TCP SYN connection requests, rather than UDP packets.
Then, it seems, a third attack arrived. Nøhr tells The Reg that an attack on an Amazon edge router took out service for some but not all Bitbucket customers for close to one and a half hours earlier today.
For Nøhr and other Bitbucket devotees, it seems odd that traffic from the net at large could bring down what should be "internal" storage resources. Nøhr speculates that Bitbucket's storage sits on the same network interface that connects the site to the outside world. He asks why the storage isn't on a separate channel - and why Amazon doesn't have methods in place to rapidly detect and combat such DDoS attacks.
"I do think they could've taken precautions to at least be warned if one of their routers started pumping through millions of bogus UDP packets to one IP," he wrote, "and I also think that 16+ hours is too long to discover the root of the problem."
Cloudsecurity.org's Balding is equally surprised that an outside attack could somehow "get between" EC2 and EBS. But since Amazon treats its service as a black box, he says, it's difficult to tell what actually occurred. He says it's possible that the attack came from inside EC2 - i.e. from another EC2 customer - but this is unlikely. "You'd think that Amazon could have shut down that sort of thing pretty quickly," he tells The Reg.
Amazon did not immediately respond to a request for comment, but we made contact before Pacific Coast office hours. We will update this story when the company responds.
In a security white paper (pdf) dated September 2008, the company says it uses standard DDoS-fighting techniques such as syn cookies and connection limits. It also says: "To further mitigate the effect of potential DDoS attacks, Amazon maintains internal bandwidth which exceeds its provider-supplied Internet bandwidth."
Bitbucket runs its entire site on Amazon's Elastic Compute Cloud, using the company's Elastic Block Store (EBS) for storing its database, log files, user data, and more. EBS provides persistent storage for EC2 server instances.
On Friday evening, Jesper Nøhr and Bitbucket told Amazon that there appeared to be a serious slowdown in the transfer of data to and from its Elastic Block Store. Nøhr said the site was "getting less throughput than you can pull off of a 1.44MB floppy".
But when Nøhr first reported the problem, an Amazon support rep blamed it on the fact that EBS is a shared resource, saying that performance could vary. But after Nøhr made another call, a second rep acknowledged that the problem went beyond the usual performance hiccups.
"We had been extremely frustrated up until this point, because 1) we couldn't actually *do* anything about it, and 2) we were being told that everything should be fine," Nøhr wrote. "It felt like there was an elephant right in front of us, and a person next to us was insisting that there wasn't."
Eventually, Nøhr said, Amazon gave the problem the attention it deserved. "After a bit of stalling with their first rep, our case received absolutely stellar attention. They were very professional in their correspondence, and in communicating things to us along the way."
Nøhr says that Amazon wants to work with him to ensure this sort of attack doesn't happen in the future, but he's now considering a switch to another hosting provider.
"We're seriously considering moving to a different setup now," he said. "Not because Amazon isn't providing us with decent service, which they are, most of the time. While we were down, several large hosting companies took direct contact with us, pitching their solutions. I won't mention names, but some of the offerings are quite tempting, and have several advantages over what we get with Amazon.
"One thing's for sure, we're investing a lot of man-hours into making sure this won't happen again. If this means moving to a different host, so be it. We haven't decided yet."
According to Nøhr, the DDoS traffic was spoofed, so it's unclear where it originated. Nøhr speculates that attackers were targeting a Bitbucket-hosted project "related to" World of Warcraft, but he declined to name the service.

DDoS attack rains down on Amazon cloud - The Register
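The early warning the Bitbucket developer says was missing, an alarm when one destination IP receives a surge of UDP packets or a burst of TCP SYNs that never complete, can be expressed as a windowed check over flow records. This is an added example, not code from the article, Bitbucket or Amazon; the record layout, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict

WINDOW_S = 10            # assumed aggregation window, in seconds
UDP_PPS_LIMIT = 50_000   # assumed per-destination UDP packets/second ceiling
SYN_RATIO_LIMIT = 20     # assumed ceiling on SYNs per handshake-completing ACK
MIN_SYNS = 1_000         # ignore windows with too few SYNs to judge

# Constructed flow records: (unix_ts, proto, dst_ip, tcp_flag, packets).
# "S" = bare SYN, "A" = the ACK that completes a handshake.
SAMPLE_FLOWS = [
    (2, "udp", "198.51.100.20", "", 3_000),         # ordinary UDP traffic
    (3, "udp", "198.51.100.10", "", 400_000),       # UDP flood, one target
    (7, "udp", "198.51.100.10", "", 350_000),
    (4, "tcp", "198.51.100.20", "S", 200),
    (101, "tcp", "198.51.100.20", "S", 5_000),      # busy but legitimate:
    (102, "tcp", "198.51.100.20", "A", 4_900),      # handshakes complete
    (104, "tcp", "198.51.100.10", "S", 90_000),     # SYN flood: spoofed
    (105, "tcp", "198.51.100.10", "A", 40),         # sources never ACK
]

def detect_floods(flows):
    """Return a sorted list of (window_start, dst_ip, reason) alerts."""
    udp, syn, ack = defaultdict(int), defaultdict(int), defaultdict(int)
    for ts, proto, dst, flag, pkts in flows:
        key = (ts - ts % WINDOW_S, dst)   # bucket by window and destination
        if proto == "udp":
            udp[key] += pkts
        elif proto == "tcp" and flag == "S":
            syn[key] += pkts
        elif proto == "tcp" and flag == "A":
            ack[key] += pkts
    alerts = []
    for key, pkts in udp.items():
        # Volumetric check: sustained packet rate toward a single IP.
        if pkts / WINDOW_S > UDP_PPS_LIMIT:
            alerts.append((*key, "udp-flood"))
    for key, syns in syn.items():
        # State-exhaustion check: many SYNs, almost no completed handshakes.
        if syns >= MIN_SYNS and syns > SYN_RATIO_LIMIT * max(ack.get(key, 0), 1):
            alerts.append((*key, "syn-flood"))
    return sorted(alerts)

if __name__ == "__main__":
    for window_start, dst_ip, reason in detect_floods(SAMPLE_FLOWS):
        print(f"t={window_start}s dst={dst_ip} alert={reason}")
```

Because the article notes the source addresses were spoofed, the check keys on the destination only and ignores source IPs entirely.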