AWS Shield

2020: Reflection of the largest DDoS attack in the history

In the middle of June, 2020 it became known that in February of Amazon using AWS Shield service reflected the largest DDoS attack in the history which at peak of power reached speed of 2.3 tbit/page.

This incident was described in the report of AWS Shield Threat Landscape where the web attacks reflected by service of protection Amazon AWS Shield in detail are considered. The client of AWS in the report is not called, as well as the expected malefactor, but is mentioned that the attack was performed using the captured CLDAP Web servers, and the mode of "the increased threat" worked three days.

Amazon reflected the largest DDoS attack in the history

CLDAP is an alternative to the old LDAP protocol and is used for connection, search and change of shared directories of the Internet. It is known that the CLDAP servers allow to strengthen at 56-70 times DDoS attack power, directing the reflected data packets back to the victim.

The protocol was used for DDoS attacks since the end of 2016. The former record of power of DDoS attack made 1.7 Tbit / page. The NetScout Arbor service in March, 2018 faced this attack. A month before that, in February, 2018, the largest of the registered DDoS attacks fell upon GitHub from speed of traffic of 1.3 tbit/page. In these cases malefactors attacked the vulnerable Memcached Internet servers for achievement of bigger capacity. Then Memcached was a new vector of DDoS attacks, and hackers struck more than 100,000 servers.

Nevertheless, mass DDoS attacks became a rarity, first of all thanks to suppliers of Internet services (ISP), content delivery networks (CDN) and other large Internet players working together for protection of the vulnerable Memcached systems. The majority of DDoS attacks usually reach a maximum in the range of 500 Gbps therefore news about an attack to AWS with a speed of 2.3 Tbit / with became surprise for the companies working in this industry.^[1]

Notes