Customers can call the coffee shop to place their orders. After answering each call, a cashier takes the order and gives it to the barista.
However, suppose a prankster calls in multiple times to place orders but never picks up their drinks. The cashier is tied up answering the prankster's calls and becomes unavailable to take other customers' calls. The coffee shop can try to stop the false requests by blocking the phone number the prankster is using.
In this scenario, the prankster's actions resemble a denial-of-service attack.
Denial-of-service attacks:
A Denial-of-Service (DoS) attack is a malicious attempt to disrupt the normal functioning of a targeted server, service, or network, either by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic or by sending input that crashes it. In its basic form the attack traffic comes from a single source. When the attacker instead uses multiple compromised computer systems as sources of attack traffic, the attack is distributed (a DDoS attack, described below). Exploited machines can include computers and other networked resources such as IoT devices.
There are several types of DoS attacks, including but not limited to:
TCP SYN Flood Attack: This involves sending a succession of SYN requests (the first step of the TCP three-way handshake) to a target system without ever completing the handshake. The target keeps each half-open connection in memory until it runs out of resources and becomes unresponsive to legitimate traffic. Because the SYN packets usually carry spoofed source addresses, blocking individual sources does little good.
Ping of Death: The attacker sends fragmented ping (ICMP echo request) packets that reassemble to more than the maximum IP packet size of 65,535 bytes. A vulnerable system mishandles the oversized packet and crashes or becomes unstable.
Teardrop Attack: This involves sending IP fragments with overlapping or otherwise invalid offsets to the targeted machine, which cannot reassemble them correctly because of a bug in its TCP/IP fragment reassembly code, causing a crash.
Botnets: Attackers use a network of 'zombie' computers under their control to flood the target with traffic. Each computer sends a small amount of traffic, but the collective effect can be overwhelming. A botnet is what turns a DoS attack into a distributed one.
HTTP Flood: This is an application-layer attack (not a volumetric one) in which an attacker sends large numbers of seemingly legitimate HTTP GET or POST requests to a web server or application. Each request costs the server far more to process than it costs the attacker to send, so the server can be exhausted with relatively little bandwidth.
DNS Flood: The attacker floods a particular domain's authoritative DNS servers with queries, so that legitimate DNS resolution for that domain fails.
NTP Amplification: This is a reflection-based volumetric DDoS attack in which the attacker sends small requests with the source address spoofed to the victim's IP to Network Time Protocol (NTP) servers. The servers send their much larger responses to the victim, overwhelming the targeted network or server with an amplified volume of traffic.
Smurf Attack: The perpetrator sends Internet Control Message Protocol (ICMP) echo request packets to IP broadcast addresses with the source address spoofed to the victim's IP. Every host on the broadcast network replies to the victim, amplifying the traffic.
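The SYN flood entry above and the coffee-shop analogy both come down to the same check: how many connection attempts never complete, and whether blocking the caller's "phone number" would help. The following is an added example, not code from the original page or from AWS; it tracks half-open TCP handshakes over constructed traffic records (the addresses are from documentation ranges, the records are not a real capture), flags the target when the half-open ratio is high, and shows that a per-source block removes at most one SYN per spoofed address.

```python
"""Tracking half-open TCP handshakes to recognise a SYN flood.

Added example, not part of the original page. The traffic records are
constructed, not captured: each is (timestamp_s, src_ip, dst_ip, dst_port, flags)
with flags "S" for a client SYN and "A" for the client's handshake-completing ACK.
"""
from collections import defaultdict

TARGET = ("203.0.113.5", 443)  # constructed victim address and port


def build_sample_traffic(n_spoofed=500):
    """Three legitimate handshakes followed by n_spoofed unanswered SYNs."""
    records = []
    t = 0.0
    # Legitimate clients: SYN, then the final ACK 50 ms later.
    for client in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
        records.append((t, client, TARGET[0], TARGET[1], "S"))
        records.append((t + 0.05, client, TARGET[0], TARGET[1], "A"))
        t += 0.1
    # Flood: one SYN per distinct spoofed source address, never acknowledged.
    for i in range(n_spoofed):
        src = "10.0.%d.%d" % ((i // 254) % 256, i % 254 + 1)
        records.append((t, src, TARGET[0], TARGET[1], "S"))
        t += 0.002
    return records


def half_open_summary(records, ack_timeout=1.0):
    """Per (dst, port): completed handshakes, half-open SYNs and distinct SYN sources."""
    pending = {}  # (src, dst, port) -> time the SYN arrived
    stats = defaultdict(lambda: {"completed": 0, "half_open": 0, "sources": set()})
    for ts, src, dst, port, flags in sorted(records, key=lambda r: r[0]):
        key = (src, dst, port)
        if flags == "S":
            pending[key] = ts
        elif flags == "A" and key in pending:
            if ts - pending.pop(key) <= ack_timeout:
                stats[(dst, port)]["completed"] += 1
            else:  # ACK arrived after the timeout: the slot was held as half-open
                stats[(dst, port)]["half_open"] += 1
                stats[(dst, port)]["sources"].add(src)
    for (src, dst, port) in pending:  # SYNs that were never acknowledged at all
        stats[(dst, port)]["half_open"] += 1
        stats[(dst, port)]["sources"].add(src)
    return stats


def is_syn_flood(stats, target, min_half_open=100, min_ratio=0.9):
    """Flag a target when half-open connections dominate its handshake attempts."""
    s = stats[target]
    total = s["completed"] + s["half_open"]
    return total > 0 and s["half_open"] >= min_half_open and s["half_open"] / total >= min_ratio


def max_syns_per_source(records):
    """Upper bound on what blocking any single source (the phone-number block) removes."""
    counts = defaultdict(int)
    for _, src, _, _, flags in records:
        if flags == "S":
            counts[src] += 1
    return max(counts.values(), default=0)


if __name__ == "__main__":
    stats = half_open_summary(build_sample_traffic())
    print(stats[TARGET]["completed"], stats[TARGET]["half_open"], len(stats[TARGET]["sources"]))
    print("flood:", is_syn_flood(stats, TARGET), "max SYNs from one source:", max_syns_per_source(build_sample_traffic()))
```

On the constructed input the target shows 3 completed handshakes against 500 half-open ones from 500 distinct sources, so the flood is flagged, while the most any single source contributed is one SYN. That is why the coffee shop's fix (blocking one phone number) does not scale to spoofed traffic, and why SYN-flood defences work on the target side (SYN cookies, shorter half-open timeouts, upstream scrubbing) rather than on source addresses.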
Distributed denial-of-service attacks:
A Distributed Denial-of-Service (DDoS) attack is a malicious attempt to disrupt the regular traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks are an evolution of the basic Denial of Service (DoS) attacks but are more potent because they originate from multiple sources, making them harder to stop.
Critical aspects of DDoS attacks include:
- Multiple Compromised Systems: In DDoS attacks, the traffic comes from numerous sources, potentially hundreds or even thousands. These can include compromised computers (forming a botnet), IoT devices, or other networked resources.
- Magnitude and Scale: Due to the multiple sources, DDoS attacks can generate enormous traffic, far exceeding what a single source could produce in a simple DoS attack.
- Methods and Vectors: Common methods include SYN floods, ICMP floods, UDP floods, HTTP GET/POST floods, and amplification attacks like NTP or DNS amplification. These methods aim to saturate the bandwidth of the victim's network or overwhelm the target's system resources.
- Motivation: Motivations for DDoS attacks can vary, including extortion, political activism (hacktivism), vandalism, or as a smokescreen for other malicious activities.
- Challenges in Mitigation: Mitigating DDoS attacks is challenging because it's difficult to differentiate between legitimate traffic and attack traffic. It often requires anti-DDoS technology, robust network architecture, and responsive planning.
- Impact: The impact of DDoS attacks can be substantial, including downtime, loss of customer trust, financial loss, and damage to the reputation of the targeted organization.
AWS Shield:
AWS Shield is a service that protects applications against DDoS attacks. AWS Shield provides two levels of protection: Standard and Advanced.
AWS Shield Standard:
AWS Shield Standard automatically protects all AWS customers at no cost. It protects your AWS resources from the most common, frequently occurring DDoS attacks.
As network traffic enters your applications, AWS Shield Standard uses various analysis techniques to detect and automatically mitigate malicious traffic in real time.
AWS Shield Advanced:
AWS Shield Advanced is a paid service that provides detailed attack diagnostics and the ability to detect and mitigate sophisticated DDoS attacks.
It also integrates with services such as Amazon CloudFront, Amazon Route 53, and Elastic Load Balancing. Additionally, you can integrate AWS Shield Advanced with AWS WAF and write custom rules, such as rate-based rules that block clients exceeding a request limit, to mitigate complex application-layer DDoS attacks.
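The kind of custom rule mentioned above, as an added example that is not AWS code and not part of the original page: the rule dictionary follows the shape of an AWS WAFv2 rate-based rule statement (block any client IP that exceeds the Limit within the evaluation window), and the Python function emulates that evaluation over constructed Common Log Format access-log lines. The 5-minute window and the specific request counts are assumptions made for the example. One client is bursty but stays under the limit, which is the case that makes choosing the limit hard.

```python
"""Emulating a WAF rate-based rule over access-log lines.

Added example, not AWS code. RATE_RULE follows the JSON shape of an AWS WAFv2
rate-based rule; the evaluation below is a local sliding-window emulation of
what such a rule does, and the log lines are constructed, not real traffic.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

RATE_RULE = {
    "Name": "RateLimitPerIP",
    "Priority": 0,
    "Statement": {"RateBasedStatement": {"Limit": 100, "AggregateKeyType": "IP"}},
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "RateLimitPerIP",
    },
}
WINDOW = timedelta(minutes=5)  # assumption: the rule's evaluation window

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+')


def parse_line(line):
    """Return (timestamp, client_ip, request_line) or None for an unparseable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("ip"), m.group("req")


def build_sample_log():
    """Constructed log lines: a steady client, a bursty but legitimate client,
    and a flood source. All addresses are from documentation ranges."""
    start = datetime(2024, 1, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for i in range(40):    # steady: one request every 15 s for 10 minutes
        events.append((start + timedelta(seconds=15 * i), "198.51.100.20", "GET /catalog HTTP/1.1"))
    for i in range(90):    # bursty but under the limit: 90 requests in 90 s
        events.append((start + timedelta(seconds=i), "198.51.100.21", "GET /api/items HTTP/1.1"))
    for i in range(300):   # HTTP flood: 300 requests in 60 s
        events.append((start + timedelta(seconds=i / 5), "203.0.113.99", "POST /login HTTP/1.1"))
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime("%d/%b/%Y:%H:%M:%S %z")}] "{req}" 200 512' for ts, ip, req in events]


def evaluate_rate_rule(lines, rule=RATE_RULE, window=WINDOW):
    """Sliding-window count per client IP. Returns (blocked, peak): blocked maps an
    IP to the time it first exceeded the limit; peak maps each IP to its highest
    in-window request count, useful for tuning the limit."""
    limit = rule["Statement"]["RateBasedStatement"]["Limit"]
    recent = defaultdict(deque)
    peak = defaultdict(int)
    blocked = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, ip, _ = parsed
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
        if len(q) > limit and ip not in blocked:
            blocked[ip] = ts
    return blocked, dict(peak)


if __name__ == "__main__":
    blocked, peak = evaluate_rate_rule(build_sample_log())
    for ip, count in sorted(peak.items(), key=lambda kv: -kv[1]):
        print(f"{ip:15} peak in window: {count:4}  blocked at: {blocked.get(ip)}")
```

With the limit at 100, only the flood source is blocked, 20 seconds into its burst, while the bursty client peaks at 90 and passes. A lower limit would have caught the flood sooner but also blocked that client, which is the trade-off a rate-based rule always carries; the peak counts are the data to look at before tightening it.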