DDOS Attacks on the Cloud

Recently, I’ve been thinking about how easy it could be to launch a large-scale DDOS attack using cloud service providers. With certain providers, you can set instances to launch automatically, run scripts, initiate the attack, and then shut themselves down, all without even being near your computer. Utilizing multiple providers and different zones/data centers within one company could amount to a very large-scale DDOS. A lot of companies lack sufficient DDOS protection, and even those that can detect and mitigate are still susceptible to outgoing attacks. One quick and easy way would be to initiate your instance and have it attack for 5-10 minutes, then shut itself down and restart the process on a new instance with a new IP. Repeating this process with 200-300 instances per service provider, and per zone in some cases, could create a very large attack.

Obviously, the cloud provider would figure out what was going on and disable your account. How long this could take would depend on the company and how vigilant they are about monitoring their cloud. A way around this, however, would be to use stolen credit cards and create multiple accounts on each provider. Once an account has been shut down, an individual could then start bringing up instances on another one of the accounts they have. You could potentially have an unlimited number of accounts on a provider, given you have enough stolen credit card numbers.

Using multiple proxy servers or internet cafés would prevent the cloud provider from blocking you at their signup page. With the number of free Wi-Fi points today, you could easily do this while hopping from one free access point to another in any large metropolitan area. The cloud providers that use a completely automated signup would be most vulnerable to this type of attack. While using various cloud providers, I have yet to run into one that manually verifies a signup with something such as a telephone call to the card owner.

If anyone has any information on previous attacks launched from a cloud provider I would be very interested in hearing about it. I’m also curious to hear about any security measures that are being put in place to potentially keep an individual from launching such an attack.

-Chris
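
As an added example (not part of the original post), here is one way a provider could look for the launch pattern described above: many instances per account and zone that live at most 10 minutes and send almost only outbound traffic. The record fields, account names and thresholds are assumptions built from the post's own figures (5-10 minutes, 200-300 instances), not any provider's real schema.

```python
from collections import defaultdict, namedtuple

# Hypothetical lifecycle record (assumption, not any provider's real schema).
Run = namedtuple("Run", "account zone start stop egress ingress")

def flag_churn(runs, max_life=600, min_runs=200, window=3600, ratio=10):
    """Return sorted (account, zone) pairs that started at least min_runs
    short-lived, egress-heavy instances within any `window` seconds."""
    starts = defaultdict(list)
    for r in runs:
        life = r.stop - r.start
        if life < 0 or life > max_life:
            continue  # long-lived (or malformed) record: not churn
        if r.egress < ratio * max(r.ingress, 1):
            continue  # traffic is not overwhelmingly outbound
        starts[(r.account, r.zone)].append(r.start)
    flagged = []
    for key, ts in starts.items():
        ts.sort()
        lo = 0
        for hi, t in enumerate(ts):
            while t - ts[lo] > window:  # slide the window's left edge
                lo += 1
            if hi - lo + 1 >= min_runs:
                flagged.append(key)
                break
    return sorted(flagged)

def sample_runs():
    """Constructed sample data, times in seconds, traffic in bytes."""
    gb, mb = 10**9, 10**6
    runs = []
    for i in range(250):
        # acct-A: 7-minute instances, 10 s apart, almost pure egress
        runs.append(Run("acct-A", "zone-1", i * 10, i * 10 + 420, 5 * gb, mb))
        # acct-B: same churn, but a batch job that mostly downloads
        runs.append(Run("acct-B", "zone-1", i * 10, i * 10 + 420, mb, 5 * gb))
        # acct-D: same instances as acct-A, spread 400 s apart
        runs.append(Run("acct-D", "zone-1", i * 400, i * 400 + 420, 5 * gb, mb))
    for i in range(5):
        # acct-C: long-lived web servers with heavy egress
        runs.append(Run("acct-C", "zone-2", 0, 86400, 5 * gb, 100 * mb))
    return runs

if __name__ == "__main__":
    print(flag_churn(sample_runs()))
```

Only acct-A is flagged with the default thresholds; the batch job, the long-lived servers and the slowly spread launches are not.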
