DDoS attack sidelines AWS DNS web service for hours

News by Bradley Barth

Amazon Web Services' Route 53 domain name system (DNS) service hit by a prolonged distributed denial of service attack

Amazon Web Services’ Route 53 domain name system (DNS) service was waylaid by a prolonged distributed denial of service attack, affecting a number of online sites and services that rely on AWS.

According to multiple reports, a flood of fake traffic disrupted legitimate attempts to resolve DNS requests to connect to Amazon cloud-hosted storage buckets and systems. The incident took place on 22 October and stretched from around 1:30 p.m. ET to 9:30 p.m. ET, Amazon disclosed in a service update, according to reports. And at 8:16 p.m. ET, Amazon observed a very small sampling of specific DNS names that experienced a higher error rate.

"We’re investigating reports of intermittent DNS resolution errors with Route 53 & our external DNS providers," AWS Support tweeted on 22 October at 1:06 p.m. ET. Later, at 9:30 p.m., AWS Support tweeted that "The AWS DNS issues that may have affected your experience with Route 53 or our external DNS providers has been resolved."

The attack reportedly affected not just access to S3 buckets, but also services that rely on external DNS queries, including the Amazon Relational Database Service, Simple Queue Service, CloudFront, Elastic Compute Cloud and Elastic Load Balancing.

The UK’s The Register reported that AWS customers received a note from company support agents informing them that DDoS mitigations were able to withstand some, but not all, of the malicious traffic. AWS also informed affected customers that they could mitigate the issue by updating "the configuration of their clients accessing S3 to specify the specific region that their bucket is in when making requests to mitigate impact."

The original version of this article was published on SC Media US.
