Holiday E-Commerce DDoS Attack Hits EC2 Cloud
ARos writes "A holiday DDoS attack targeted a west-coast DNS provider, which is known for serving large-scale E-Commerce sites (including amazon.com and walmart.com). 'Neustar, which provides DNS services to high profile website addresses under the UltraDNS brand, said the flood of malicious traffic, just two days before Christmas, was directed at the company's facilities in San Jose and Palo Alto, and that the effects were mostly limited to California users.' CNet adds: 'In addition to the high-profile sites, dozens of smaller sites that rely upon Amazon for Web-hosting services were also taken down by the attack. Amazon's S3 and EC2 services were affected by the problems, according to Jeff Barr, Amazon's lead Web Evangelist, who retweeted a report to that effect without clarification and confirmed it in later tweets.'"
Who is so damn board
Hey, if I were made of wood I'd be angry too.
One reason for DDoS attacks is to prove that you can shut down a site.
The site will pay for protection from future attacks. The offshore gambling sites have been "victims" of these attacks according to Steve Gibson.
Says the person with the ID over one million.
Slashdot used to be quite fast with the aggregation; it is quite terrible now. When CNN or the BBC are reporting tech news faster than a site that is supposed to be for tech nerds, that's a good indication of the quality and speed. What's worse is this write-up actually has misinformation in it that was disproven ALREADY... but this is so slow coming here, well...
--- I do not moderate.
Maybe I'm wrong, but it seems like the attack vectors are shifting away from going after your target directly, but instead attacking the critical infrastructure support services like DNS.
There is very little future in being right when your boss is wrong.
Ever heard of DNS cache poisoning? There really should be an investigation into this. One of the attack vectors is pretty simple - use a DDoS to slow down the response time of the real DNS servers of *.amazon.com, use a cache poisoning timing-based attack on some subset of DNS servers further down the chain (like for example at a medium-sized ISP) to replace the IP of Amazon servers with an IP of your specially prepared hijacking servers, a client goes to amazon.com, but gets redirected to your server, you proxy their traffic (use a man-in-the-middle attack to defeat SSL or just use human-engineering for that) until they make a purchase and instead of proxying their credit-card info you just keep it for yourself and transfer money to your accounts. Profit!
Something like that could have taken place here, but you can't know that until you analyse logs at Amazon and all the ISP DNS servers that could have been affected by this.
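A sketch of the resolver-log check the comment above asks for, added here as an example and not part of the thread: it flags names that received a burst of responses with the wrong transaction ID while a query was still pending, and reports how long the genuine answer took. The log format, the names and the addresses are constructed, and the code assumes one outstanding query per name, which real resolvers do not guarantee.

```python
from collections import defaultdict

# Constructed resolver trace in a hypothetical format:
#   time_s  Q|R  qname  txid  claimed_source_ip
SAMPLE_LOG = """\
0.000 Q www.shop.example 0x1a2b 198.51.100.53
0.004 R www.shop.example 0x1a2b 198.51.100.53
5.000 Q pay.shop.example 0x77c1 198.51.100.53
5.010 R pay.shop.example 0x0001 198.51.100.53
5.011 R pay.shop.example 0x0002 198.51.100.53
5.012 R pay.shop.example 0x0003 198.51.100.53
5.013 R pay.shop.example 0x0004 198.51.100.53
5.900 R pay.shop.example 0x77c1 198.51.100.53
"""


def find_spoofing_races(log_text, min_mismatches=3):
    """Flag names that drew many wrong-TXID responses while a query was pending."""
    pending = {}                    # qname -> (expected txid, time query was sent)
    wrong = defaultdict(int)        # qname -> wrong-TXID responses seen so far
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, kind, qname, txid, _src = line.split()
        ts, txid = float(ts), int(txid, 16)
        if kind == "Q":
            pending[qname] = (txid, ts)
            wrong[qname] = 0
        elif kind == "R" and qname in pending:
            expected, sent = pending[qname]
            if txid != expected:
                wrong[qname] += 1   # a guess that lost; a resolver drops these
                continue
            del pending[qname]      # genuine answer closes the race window
            if wrong[qname] >= min_mismatches:
                findings.append((qname, wrong[qname], round(ts - sent, 3)))
    # Queries never answered are the worst case: the window stayed open.
    for qname in pending:
        if wrong[qname] >= min_mismatches:
            findings.append((qname, wrong[qname], None))
    return findings


if __name__ == "__main__":
    for qname, count, window in find_spoofing_races(SAMPLE_LOG):
        print(f"{qname}: {count} wrong-TXID responses, window={window}s")
```

In the sample, the 0.9 s answer time next to the 4 ms baseline is the slowed-down authoritative server the comment describes; a hit only shows that a race was attempted, so the cached record still has to be compared with the authoritative one.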