
Analytical Report Regarding the Amazon Web Services (AWS) Denial-of-Service (DoS) Attack


A Denial-of-Service (DoS) Attack is a malicious attempt to make a targeted system, such as a
website or an application, unavailable to legitimate users. It generally occurs when a system
launches a flooding attack on one or more targets, aiming to overload their network resources,
which can cause traffic congestion and disruption of services. It can also cause a complete
service shutdown of a system.

Background Information

In February 2020, Amazon Web Services (AWS) was hit by a massive DoS Attack which
was recognized as the most extreme recent DoS Attack ever recorded. The attackers targeted an
unknown AWS customer using a technique called Connectionless Lightweight Directory Access
Protocol (CLDAP) Reflection. This technique amplifies the amount of data sent to the victim’s
IP address by 56 to 70 times its initial size. The attack lasted for three days and peaked at an
astounding 2.3 terabytes per second. The company didn’t publicize the identity of the target, so
it may have been a particular Amazon service or an AWS customer (e.g. Netflix and Twitter).
However, they clarified that the attack was carried out using hijacked CLDAP web servers,
which caused a three-day elevated threat for its AWS Shield staff. AWS was able to withstand
the 2.3 terabytes of traffic flooding into their network due to the huge amount of bandwidth
they have available. In addition, their Amazon Shield was able to detect and block a portion of
the attack.

The company disclosed that the attack resulted from a reflection attack that targets
Lightweight Directory Access Protocol (LDAP) servers such as Active Directory servers.
In this kind of attack, a forged packet is sent to a CLDAP server. The CLDAP server then
responds with a larger amount of data than was initially sent to it. Because the forged packet
carries a falsified source address, the response goes to that address, which can end up
generating a huge amount of traffic directed at the victim. During the AWS DoS Attack, the
website or application was unavailable to the end users. They failed to access the site while
experiencing disruption and crashing of the site.

Possible Preventive Measures

As a company that caters to an enormous number of users, AWS should utilize its resources
to maintain the effectiveness and security of its websites and applications, and to monitor and
control their maintenance. The company should invest in providing a service that scans and
filters incoming and outgoing requests in order to monitor and control the users that enter a
particular server. Another method that the company can adopt is providing
CAPTCHA, which stands for “Completely Automated Public Turing Test to tell Computers and
Humans Apart”. CAPTCHA is used to mitigate DoS Attacks because of its capability to identify
whether the user trying to enter a specific server is a human or a computer. Computers and bots
won’t be able to enter and attack a website protected by CAPTCHA. Since some users find
CAPTCHA inconvenient and cumbersome, the company can integrate systems that detect multiple
requests coming from a single user. The system could then be prompted to send a CAPTCHA in order
to limit the number of requests that can be sent simultaneously by a single user. Since AWS
mentioned that the Amazon Shield was able to detect and block a portion of the
attack, the company should improve that system in order to prevent future DoS Attacks.
Finally, increasing and expanding your bandwidth is one of the most basic steps for
preventing DoS Attacks. Ensure that your system has enough bandwidth to handle
spikes in traffic which may be caused by malicious and suspicious activities.
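
The filtering of incoming traffic suggested above can be illustrated for the CLDAP reflection case described in the background. The following is an added example, not part of the original report and not AWS's own code: it flags destinations that receive a burst of UDP responses from source port 389 (the CLDAP port) and uses the 56 to 70 amplification range from the report to estimate the size of the forged requests. The flow-record layout, the thresholds, the window size and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

CLDAP_PORT = 389          # CLDAP is LDAP over UDP, port 389
WINDOW_SECONDS = 10       # assumed aggregation window
MIN_REFLECTORS = 3        # assumed: distinct responders needed before flagging
MIN_BYTES = 20_000        # assumed: bytes per window needed before flagging
AMPLIFICATION = (56, 70)  # amplification range stated in the report

# Constructed sample flow records: (epoch_s, proto, src_ip, src_port, dst_ip, bytes)
SAMPLE_FLOWS = [
    (100, "udp", "198.51.100.10", 389, "203.0.113.5", 9000),
    (101, "udp", "198.51.100.11", 389, "203.0.113.5", 8700),
    (102, "udp", "198.51.100.12", 389, "203.0.113.5", 9100),
    (103, "udp", "198.51.100.13", 389, "203.0.113.5", 8900),
    (104, "tcp", "192.0.2.44", 51514, "203.0.113.5", 1200),  # ordinary client
    (105, "udp", "198.51.100.10", 389, "203.0.113.9", 300),  # lone small reply
    (131, "udp", "198.51.100.10", 389, "203.0.113.5", 400),  # later quiet window
]

def detect_cldap_reflection(flows, window=WINDOW_SECONDS,
                            min_reflectors=MIN_REFLECTORS, min_bytes=MIN_BYTES):
    """Return alerts for destinations receiving a burst of UDP/389 responses."""
    buckets = defaultdict(lambda: {"bytes": 0, "reflectors": set()})
    for ts, proto, src_ip, src_port, dst_ip, size in flows:
        # Reflected traffic arrives FROM the CLDAP port as unsolicited responses
        if proto != "udp" or src_port != CLDAP_PORT:
            continue
        key = (dst_ip, ts // window)
        buckets[key]["bytes"] += size
        buckets[key]["reflectors"].add(src_ip)
    alerts = []
    for (dst_ip, slot), agg in sorted(buckets.items()):
        if len(agg["reflectors"]) < min_reflectors or agg["bytes"] < min_bytes:
            continue
        low, high = AMPLIFICATION
        alerts.append({
            "victim": dst_ip,
            "window_start": slot * window,
            "reflected_bytes": agg["bytes"],
            "reflectors": len(agg["reflectors"]),
            # Rough size of the forged requests behind the flood
            "request_bytes_est": (agg["bytes"] // high, agg["bytes"] // low),
        })
    return alerts

if __name__ == "__main__":
    for alert in detect_cldap_reflection(SAMPLE_FLOWS):
        print(alert)
```

Requiring several distinct responders as well as a byte threshold keeps a single legitimate directory reply from raising an alert.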

In providing service to legitimate users, a company should always monitor, control, and
secure the system being operated with the purpose of providing effective and satisfactory service.
When facing DoS Attacks, the company isn’t the only party being affected. The users,
particularly the constant and legitimate users, are highly affected when such a phenomenon occurs.
Consider the fact that some users are highly dependent on the service being
provided by a specific company, as it plays a big part in their daily lives.
