Comments on: FIXED: Amazon EC2 vulnerable to UDP flood attacks

By: Punching UDP Holes in Amazon EC2

Punching UDP Holes in Amazon EC2 — Tue, 03 Nov 2009 04:24:26 +0000

[...] security group rules are applied at an instance’s dom0 (as makes at least some sense and as this research implies), I now suspect that all dom0 hosts have entire view of all security groups in the region [...]

By: Amazon Web Services: It's Not The Size Of the Ship, But Rather The Motion Of the... | Rational Survivability

Fri, 16 Oct 2009 15:58:00 +0000

[...] The tests done here showed the capability to generate 650 Mbps from a single medium instance that attacked another instance which, per Radim Marek, was using another AWS account in another availability zone. So if the “largest” DDoS attacks now exceed 40 Gbps” and five EC2 instances can handle 5Gb/s, I’d need 8 instances to absorb an attack of this scale (unknown if this represents a small or large instance.) Seems simple, right? [...]

By: egrep-cloud-cambrian-watch-2009-10-06 « すでにそこにある雲

egrep-cloud-cambrian-watch-2009-10-06 « すでにそこにある雲 — Wed, 14 Oct 2009 06:13:28 +0000

[...] FIXED: Amazon EC2 vulnerable to UDP flood attacks « laststation.net – ふむふむ [...]

By: Standalone Web Front Door a Must in EC2?

Standalone Web Front Door a Must in EC2? — Tue, 13 Oct 2009 15:24:59 +0000

[...] outage shed more light on some internal designs of EC2 itself, as described here. It might have also showcased our over-confidence in EC2’s ability to detect and defeat [...]

By: Demand Transparency | CloudAve

Demand Transparency | CloudAve — Tue, 13 Oct 2009 12:48:48 +0000

[...] with strategies to improve the trust factor in cloud computing. BTW Amazon, it appears EC2 is still vulnerable to UDP flood attacks (at least at the time when that blog post went live).While arguing about certain advantage enjoyed [...]

By: links for 2009-10-12 « Bloggitation

links for 2009-10-12 « Bloggitation — Tue, 13 Oct 2009 06:12:50 +0000

[...] Amazon EC2 still vulnerable to UDP flood attacks (tags: amazon ec2 security sysadmin) Categories: Links Comments (0) Trackbacks (0) Leave a comment Trackback [...]

By: Transparency: I Do Not Think That Means What You Think That Means... | Rational Survivability

Tue, 13 Oct 2009 05:24:48 +0000

[...] study seems to suggest that the problem may not yet be well understood or solved by AWS (See: Amazon EC2 vulnerable to UDP flood attacks) (Ed: After I wrote this, I got a notification that this particular issue has been fixed which is [...]

By: Tom

Tom — Tue, 13 Oct 2009 01:00:04 +0000

I don’t see how “All that in less than 24 hours after publishing the link on Twitter. Good job!” applies.

Kudos to Amazon for finally fixing it, but this was over a week after the first occurrence, not merely a day after you posted your blog post.

By: Radim Marek

Radim Marek — Mon, 12 Oct 2009 18:33:50 +0000

This post is not longer relevant. See the notice on the top.

By: Martin

Martin — Mon, 12 Oct 2009 14:53:05 +0000

Hello Radim,

thank you for the corrections – and sorry for the confusion, I don’t know how I have missed that you actually used different sec. groups.