author photo
By Bruce Sussman
Thu | Oct 24, 2019 | 8:06 AM PDT

Some AWS customers struggled for hours on October 23rd, and now it turns out that was the result of a DDoS attack.

Word of the attack started leaking out as customers posted about their experiences with AWS online. This includes jared52, who shared details about what he was told.

I just got off a chat with an AWS agent:

"We are investigating reports of occasional DNS resolution errors. The AWS DNS servers are currently under a DDoS attack. Our DDoS mitigations are absorbing the vast majority of this traffic, but these mitigations are also flagging some legitimate customer queries at this time.

We are actively working on additional mitigations, as well as tracking down the source of the attack to shut it down. Amazon S3 customers experiencing impact from this event can update the configuration of their clients accessing S3 to specify the specific region that their bucket is in when making requests to mitigate impact.

For example, instead of 'mybucket.s3.amazonaws.com' a customer would instead specify 'mybucket.s3.us-west-2.amazonaws.com' for their bucket in the US-WEST-2 region. If you are using the AWS SDK, you can specify the region as part of the configuration of the Amazon S3 client to make sure your requests use this region-specific endpoint name."

And Infosecurity Magazine reported:

The attack hit the cloud giant's Router 53 DNS web service, which had a knock-on effect on other services including Elastic Load Balancing (ELB), Relational Database Service (RDS) and Elastic Compute Cloud (EC2), that require public DNS resolution.

So your AWS services may not have been directly under attack, perhaps you were simply caught in the digital crossfire.

And according to Amazon Web Services, the impacts of this attack lasted for eight hours—from 10:30 a.m. to 6:30 p.m. PDT.

Comments