AWS Said It Mitigated a 2.3 Tbps DDoS Attack, the Largest Ever

An anonymous reader quotes a report from ZDNet: Amazon said its AWS Shield service mitigated the largest DDoS attack ever recorded, stopping a 2.3 Tbps attack in mid-February this year. The incident was disclosed in the company's AWS Shield Threat Landscape [PDF], a report detailing web attacks mitigated by Amazon's AWS Shield protection service. The report didn't identify the targeted AWS customer but said the attack was carried out using hijacked CLDAP web servers and caused three days of "elevated threat" for its AWS Shield staff. [...] The previous record for the largest DDoS attack ever recorded was of 1.7 Tbps, mitigated by NETSCOUT Arbor in March 2018. Before that, the biggest DDoS attack ever recorded was a 1.3 Tbps DDoS attack that hit GitHub, a month before, in February 2018.

DDoS attacks, the Jokers of cyber-attacks

[molarmass192]

They serve absolutely no purpose other than to watch the world burn. So go ahead Jokers, just remember that none of us are amused and all you’re doing is drumming up support amongst the non-tech populace for ever tightening restrictions around technology and networks.

Re:

[lucasnate1]

Maybe the jokers want tightening restrictions

Re:DDoS attacks, the Jokers of cyber-attacks

[Anubis IV]

China has in recent years been deploying an offensive companion to the Great Firewall known as the Great Cannon to take down sites and services hosting content outside their borders that they deem unacceptable. It's not just jokers doing DDOS attacks.

Re:

[molarmass192]

TIL, how convenient that so many IOT devices are made in China.

Re:

[Aighearach]

We need our own border firewall, IMO.

Re:

[phantomfive]

For a while, DDos attacks were common against things like gambling websites as a method of extortion. The attackers said, "pay us, or your website will be inaccessible," and a lot of times the websites would pay.

These days, with things like Cloudflare and other DDOS defenses, it has gotten a lot harder. I don't know who is trying these attacks, or what they hope to achieve.

Re:

[Cylix]

If you believe the unwashed masses understand the concept of a DDoS you are very mistaken.

Re: DDoS attacks, the Jokers of cyber-attacks

[jd]

DDoS seems to be mostly via botnets. A botnet can be used for many things and presumably rented out to customers - but you'd need to prove you have one and that it has the bandwidth and cpu firepower you claim.

I would imagine apolitical attacks are advertising campaigns. Not intended to produce any effect beyond getting clients to buy time playing with the zombies.

Re:

[sg_oneill]

Oh almost entirely. The distributed human style "low orbit ion cannon" type attack isn't really scaleable, small scale sites you can raise an angry mob against, at most. Good against scientologists or your favorite shitbag company , but not so useful against big distributed cloud services or whatever

Re:DDoS attacks, the Jokers of cyber-attacks

[chispito]

They serve absolutely no purpose

Extortion. If you're not sure how, read Krebs' writeup on the Mirai botnet [krebsonsecurity.com]. It's pretty enlightening.

Re:

[chispito]

Sorry, to be more specific: a protection racket.

Re:DDoS attacks, the Jokers of cyber-attacks

[Gravis Zero]

They serve absolutely no purpose other than to watch the world burn.

This isn't true at all! Much of the time they are used as a smokescreen while a real hack happens. A massive DDoS makes it difficult to see and/or track what is actually happening, especially if you are rapidly wrapping the logs in junk data.

This isn't a hypothetical, it really happens.

Technical References, here

[ItsJustAPseudonym]

I'd never heard of 'CLDAP'. Here's some info that I found, for reference:

https://wiki.wireshark.org/MS-... [wireshark.org]
https://www.bleepingcomputer.c... [bleepingcomputer.com]

At first I was thinking the punchline of this story would be, that other AWS servers were being used to run the DDoS attack. That would have been ironic.

Re:

[divide overflow]

At first I was thinking the punchline of this story would be, that other AWS servers were being used to run the DDoS attack. That would have been ironic.

Not to mention incredibly stupid, immediately detectable, quickly resolvable, and probably quickly attributable.

Re:

[bill_mcgonigle]

... is an alternative to the LDAP protocol from Microsoft ... While both protocols work on port 389, LDAP works via TCP, while CLDAP, as its name implies - Connection-less Lightweight Directory Access Protocol - works via UDP.

Oh, lord, they didn't even learn from NTP amplification attacks. Shocked, I say, shocked.

Unfortunately, not liable, so why should they care?

Re:

[Slugster]

I am kinda-sorta in the same area with you,,, I was wondering if maybe someone hadn't found a bunch of unsecured AWS buckets, and tried to download them all at once...

Units of Measure

[pr0t0]

2.3 Tablespoons of DDoS is a lot for most recipes, but I don't think you need to cheer about using less.

Oh, Tbps! Well, that is a lot more.

Are botnets still stereotypically Windows boxes?

[zkiwi34]

Or is it now more likely to be âoesmartâ devices?

Any independent verification?

[thegarbz]

A previously unheard of biggest DDoS ever against an undisclosed customer back in February published by a company who sells anti-DDoS services?
As the kids used to say pix or didn't happen.

Has anyone else confirmed that it actually happened and worked, or is this just some careful marketing against Cloudflare, incidentally a company that reported the biggest DDoS ever was occurring *while* it was occurring and not 5 months later in a press release.

Micro$oft

[devlp0]

Amazon should chase Micro$oft for damages.