AWS mitigated a record-breaking 2.3 Tbps DDoS attack in February

Amazon Web Services Inc. today revealed that it managed to mitigate a 2.3 terabytes-per-second distributed denial-of-service attack in February, the largest DDoS attack ever recorded.

Detailed in the AWS Shield Threat Landscape Report - Q1 2020, the attack lasted three days, with those behind it unsuccessful in knocking Amazon cloud services offline.

The attack was a so-called Connection-less Lightweight Directory Access Protocol reflection-based attack. A CLDAP reflection attack involves an attacker sending a CLDAP request to an LDAP server with a spoofed sender IP address: the target’s IP address. The server then sends a bulked-up response to the target’s IP address, reflecting the traffic onto the target, hence the name.

The ultimate aim, as with all DDoS attacks, is to flood the target with a massive amount of data to disrupt normal traffic, making the website or app hosted on the server unresponsive.

While specifically mentioning the attack, the AWS report notes that smaller network volumetric events are far more common. The 99th-percentile event in the first quarter of 2020 is said to have been 43 gigabytes per second.

The report also notes that after CLDAP reflection attacks, the second-most common DDoS vector observed by AWS in the first quarter was the SYN flood attack. A SYN flood is a form of DoS attack in which an attacker sends repeated SYN packets to every port on a targeted server, often using a fake IP address.

According to Imperva, the server, unaware of the attack, receives multiple, apparently legitimate requests to establish communication. It responds to each attempt with a SYN-ACK packet from each open port, eventually causing the server’s connection overflow tables to fill and thus denying access to legitimate clients.
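As an added illustration (not taken from the AWS or Imperva material), the Python sketch below shows how a defender could spot both patterns described above in flow records: UDP replies from source port 389 that the protected host never requested, and inbound SYNs that are never followed by the client's ACK. The record layout, addresses and function names are constructed assumptions for the example.

```python
from collections import defaultdict

PROTECTED = "203.0.113.10"  # constructed victim address (documentation range)

# Constructed flow records: (time, proto, src, sport, dst, dport, bytes, tcp_flags)
FLOWS = [
    (1.0, "udp", "203.0.113.10", 40000, "198.51.100.5", 389, 60, ""),    # real query
    (1.1, "udp", "198.51.100.5", 389, "203.0.113.10", 40000, 3000, ""),  # its answer
    (2.0, "udp", "192.0.2.21", 389, "203.0.113.10", 51111, 3000, ""),    # never asked
    (2.1, "udp", "192.0.2.22", 389, "203.0.113.10", 51112, 2900, ""),    # never asked
    (2.2, "udp", "192.0.2.21", 389, "203.0.113.10", 51113, 3100, ""),    # never asked
    (3.0, "tcp", "192.0.2.50", 1025, "203.0.113.10", 443, 60, "S"),      # SYN, no ACK
    (3.1, "tcp", "192.0.2.51", 1026, "203.0.113.10", 22, 60, "S"),       # SYN, no ACK
    (3.2, "tcp", "198.51.100.9", 5555, "203.0.113.10", 443, 60, "S"),    # SYN ...
    (3.3, "tcp", "198.51.100.9", 5555, "203.0.113.10", 443, 52, "A"),    # ... completed
]


def unsolicited_cldap(flows, protected):
    """Bytes per reflector for UDP/389 replies the protected host never requested."""
    asked = set()  # LDAP servers the protected host has actually queried
    per_reflector = defaultdict(int)
    for _, proto, src, sport, dst, dport, size, _ in sorted(flows):
        if proto != "udp":
            continue
        if src == protected and dport == 389:
            asked.add(dst)
        elif dst == protected and sport == 389 and src not in asked:
            per_reflector[src] += size
    return dict(per_reflector)


def half_open_syns(flows, protected):
    """Inbound SYNs whose client never sent the final ACK of the handshake."""
    pending = set()
    for _, proto, src, sport, dst, dport, _, flags in sorted(flows):
        if proto != "tcp" or dst != protected:
            continue
        key = (src, sport, dport)
        if flags == "S":
            pending.add(key)
        elif "A" in flags:
            pending.discard(key)
    return sorted(pending)


if __name__ == "__main__":
    print(unsolicited_cldap(FLOWS, PROTECTED))
    print(half_open_syns(FLOWS, PROTECTED))
```

In production the same two signals are usually computed per time window and compared against a baseline, since a single unmatched reply or SYN is normal background noise.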

The previous known record for a DDoS attack was an attack that targeted GitHub Inc. in March 2018, which peaked at 1.2 Tbps.

With computing power growing, so too is the size of DDoS attacks. If not for the AWS 2.3 Tbps DDoS attack, the new record would actually involve a web host supported by Akamai Technologies Inc. in June.

A new report published by Fahmida Y. Rashid at Duo Security details a DDoS attack targeting a website hosted by a hosting provider that peaked at 1.44 Tbps, the largest Akamai has ever seen. The main attack lasted for an hour and a half with smaller attacks targeting the website later.

Similar to the AWS report, these attacks involved volumetric attacks and floods of ACK, SYN, UDP, NTP, TCP reset and SSDP packets, multiple botnet attack tools and CLDAP reflection.
