Transcript The Amazon Cloud Attack - CS 4235 Introduction to Information

Team 6: (DDoS) The
Amazon Cloud Attack
Kevin Coleman, Jeffrey Starker, Karthik
Rangarajan, Paul Beresuita, Arunabh Verma and
Amay Singhal
What Happened?
Bitbucket was down for
over 19 hours
DDoS took down the
connection between
Bitbucket and The Amazon
Elastic Computing Cloud
(EC2)
UDP packets and TCP
SYN connection packets
The Attack
What was the impact?
Because of this attack, Bitbucket received
over 19 hours of downtime
Their customers could not access any of
their source code hosted by Bitbucket
This attack showed that cloud computing
is not as safe as most people think.
Although, this is one of the first times the
attack has happened and it only affected
Bitbucket.
Why did the attack
succeed?
Initial complaint from Bitbucket dismissed as temporary
Tech support at Amazon denied anything was wrong with their
system, asking Bitbucket to look at their own
8 hours after the problem was reported, Amazon accepted that the
problem was on their system
Because of this initial dismissal, it took Amazon some time to figure
out the attack pattern
There are now confirmed reports that the EC2 service was exposed to
external Internet traffic
Why did the attack
succeed?
Jesper Nøhr, owner of Bitbucket, says Amazon’s OoS system failed when the cloud
came under attack
Amazon also did not have measures to detect a large number of UDP packets
targeted to the same IP address
Having this measure could have easily prevented this attack from happening
While it is largely clear how the attack succeeded, it is still not clear how the internal
EC2 and EBS were exposed to external internet traffic
EC2 and EBS were considered secure from such attacks since they are on the
internal network between Amazon and its customers
Faint rumors still do rounds that it might have been one of Amazon’s customers that
launched this attack, but this possibility is unlikely
What happened in the
aftermath?
Bitbucket, at one point, was considering switching service and
received offers from various providers
Nohr (creator Bitbucket) speculates the fact that their storage share
common network interface with the one that connects the site with the
outside world
Amazon issued a statement for the incidence
Discussions followed which raised some concerns about the service
Amazon’s statement
Amazon issued the following statement:
•
" .....one of our customers reported a problem with their Amazon
Elastic Block Store (EBS). This issue was limited to this customer's
single Amazon EBS volume ....…. While the customer perceived this
issue to be slowness of their EBS volume………. but rather that the
customer's Amazon EC2 instance was receiving a very large amount
of network traffic…….... we worked with the customer ….. to help
mitigate the unwanted traffic they were receiving…. apply network
filtering techniques which have kept their site functioning
properly….…. continue to improve the speed with which we diagnose
issues like this… use features like Elastic Load Balancing and AutoScaling to architect their services to better handle this sort of issue…."
What was done to make
system less vulnerable?
Transparency - Network Traffic information
Improved Customer Support
Better data filters and detection systems
Threat Prevention:
Transparency
Providing to the customer:
Network traffic information
Technical support for attack detection
Elastic Load Balance
Auto-Scaling
Distribute instances in multiple availability zones and regions.
Threat Prevention: Improved
Customer Support
Amazon’s technical support failed to properly
diagnose the issue quickly
Amazon didn’t trust Bitbucket’s information,
which in-correct time wasting diagnoses
11 hours were lost due to poor diagnoses
Threat Prevention:
Diversify Server Farms
Relying on specific cloud provider is
dangerous
Having a second provider accelerates website
recovery time after a DDoS attack
Spreading resources between providers
prevents a complete system failure.
Threat Prevention:
Improve Data Filters
Detecting harmful packets must be improved
Stopping harmful packets from reaching
sensitive equipment reduces system
vulnerability
What chapter in the book
will be helpful?
Chapter 7, specially 7.2
Sources
http://www.theregister.co.uk/2009/10/05/amazon_bitbucket_outage/
http://www.thewhir.com/web-hostingnews/100609_Outage_Hits_Amazon_Cloud_Customer_Hard
http://www.theregister.co.uk/2009/10/09/amazon_cloud_bitbucket_dd
os_aftermath/
http://www.networkworld.com/community/node/45891
http://blog.bitbucket.org/2009/10/04/on-our-extended-downtimeamazon-and-whats-coming/