How Amazon Web Services Thwarted The Biggest DDoS Attack Ever Recorded
Amazon has earned itself some well-deserved bragging rights for putting a stop to what ranks as the largest distributed denial of service (DDoS) attack ever, and by quite a bit. According to data divulged by Amazon, it halted a DDoS attack that peaked with a "previously unseen volume" of 2.3 terabits per second in February 2020.
The attack leveraged hijacked Connection-less Lightweight Directory Access Protocol (CLDAP) servers as reflectors. It also produced three days of "elevated threat during a single week" before it subsided.
Amazon shared the details in its latest AWS Shield Threat Landscape report (PDF), in which it notes that the "largest known DDoS attacks are UDP reflection attacks." CLDAP is a connectionless, UDP-based variant of LDAP used to query directory servers (Active Directory clients use it to locate domain controllers). Because an internet-exposed CLDAP server answers a small, unauthenticated query with a much larger response, an attacker who spoofs the victim's address as the source of that query turns the server into a reflector and amplifier, which is why CLDAP is a well-known reflection vector. According to Amazon, this attack was "approximately 44 percent larger than any network volumetric event previously detected on AWS."
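To make the reflection mechanism above concrete, here is an added example (not code from the article or from AWS): it builds the minimal CLDAP rootDSE search request that reflection attacks send, computes the amplification ratio for a given response size, and runs a simple detector over constructed flow records to flag a host that is receiving UDP traffic from many source-port-389 hosts at once. The flow field names, the sample addresses and the byte counts are assumptions made for illustration; the thresholds are starting points, not tuned values.

```python
import socket
from collections import defaultdict

CLDAP_PORT = 389


def ber_tlv(tag: int, payload: bytes) -> bytes:
    """Encode one BER TLV using short-form length (every field here is < 128 bytes)."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload


def build_cldap_rootdse_query(message_id: int = 1) -> bytes:
    """Build the classic CLDAP rootDSE SearchRequest used by reflection attacks.

    Structure follows the LDAP SearchRequest (RFC 4511) carried over UDP (RFC 1798):
    base "", scope baseObject, filter (objectClass=*), all attributes requested.
    """
    assert 0 <= message_id < 128  # keeps the INTEGER a single byte
    search_request = ber_tlv(
        0x63,                                   # [APPLICATION 3] SearchRequest
        ber_tlv(0x04, b"")                      # baseObject: "" (the rootDSE)
        + ber_tlv(0x0A, b"\x00")                # scope: baseObject
        + ber_tlv(0x0A, b"\x00")                # derefAliases: neverDerefAliases
        + ber_tlv(0x02, b"\x00")                # sizeLimit: 0 (server default)
        + ber_tlv(0x02, b"\x00")                # timeLimit: 0
        + ber_tlv(0x01, b"\x00")                # typesOnly: FALSE
        + ber_tlv(0x87, b"objectClass")         # filter: present [7] "objectClass"
        + ber_tlv(0x30, b""),                   # attributes: empty list = all user attrs
    )
    return ber_tlv(0x30, ber_tlv(0x02, bytes([message_id])) + search_request)


def amplification_factor(request_len: int, response_len: int) -> float:
    """Bandwidth amplification: bytes the reflector emits per byte the attacker sends."""
    return response_len / request_len


def probe_reflector(host: str, timeout: float = 2.0) -> tuple:
    """Check whether a UDP/389 host answers an unauthenticated rootDSE query from here.

    Returns (request_len, response_len); response_len is 0 on timeout. Only run this
    against hosts you are authorised to test.
    """
    query = build_cldap_rootdse_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (host, CLDAP_PORT))
        try:
            data, _ = s.recvfrom(65535)
        except socket.timeout:
            return len(query), 0
    return len(query), len(data)


# Constructed flow records for the detector: (src_ip, src_port, dst_ip, dst_port, proto, bytes, packets).
SAMPLE_FLOWS = [
    {"src_ip": "198.51.100.1", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 80,    "proto": "udp", "bytes": 300000, "packets": 200},
    {"src_ip": "198.51.100.2", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 80,    "proto": "udp", "bytes": 150000, "packets": 100},
    {"src_ip": "198.51.100.3", "src_port": 389, "dst_ip": "203.0.113.10", "dst_port": 80,    "proto": "udp", "bytes": 120000, "packets": 80},
    {"src_ip": "10.0.0.2",     "src_port": 389, "dst_ip": "10.0.0.5",     "dst_port": 51234, "proto": "udp", "bytes": 240,    "packets": 1},     # one legitimate CLDAP reply
    {"src_ip": "192.0.2.7",    "src_port": 443, "dst_ip": "203.0.113.10", "dst_port": 51111, "proto": "tcp", "bytes": 50000,  "packets": 40},    # unrelated TCP traffic
]


def find_reflection_targets(flows, min_sources: int = 3, min_avg_bytes: int = 400,
                            reflector_port: int = CLDAP_PORT) -> dict:
    """Flag destinations receiving UDP traffic from many distinct hosts with the reflector's
    source port and a large average packet size: the signature of a reflection flood.
    """
    per_dst = defaultdict(lambda: {"sources": set(), "bytes": 0, "packets": 0})
    for f in flows:
        if f["proto"] != "udp" or f["src_port"] != reflector_port:
            continue
        d = per_dst[f["dst_ip"]]
        d["sources"].add(f["src_ip"])
        d["bytes"] += f["bytes"]
        d["packets"] += f["packets"]
    hits = {}
    for dst, d in per_dst.items():
        avg = d["bytes"] / d["packets"] if d["packets"] else 0
        if len(d["sources"]) >= min_sources and avg >= min_avg_bytes:
            hits[dst] = {"sources": len(d["sources"]),
                         "avg_packet_bytes": round(avg, 1),
                         "total_bytes": d["bytes"]}
    return hits


if __name__ == "__main__":
    q = build_cldap_rootdse_query()
    print(f"rootDSE query: {len(q)} bytes: {q.hex()}")
    print("suspected reflection targets:", find_reflection_targets(SAMPLE_FLOWS))
```

The query is 39 bytes; a single source-port-389 flow with a large payload is not enough to raise the alert (a legitimate directory lookup looks like that), so the detector keys on many distinct reflectors converging on one destination. `probe_reflector` is the check a server owner would run against their own CLDAP endpoint: if it answers from the internet, it is usable as a reflector and should be filtered at the edge.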
It is also by far the biggest DDoS attack AWS has seen this year, as the report's graph shows. And as noted by ZDNet, which spotted the interesting nugget in the latest threat report, the largest DDoS attack before this one hit 1.7 Tbps in March 2018. Prior to that, the record stood at about 1.35 Tbps, for an attack a month earlier on GitHub.
DDoS attacks this large have become somewhat rare, as Internet service providers (ISPs), content delivery networks (CDNs), and other organizations work to shut down popular reflection vectors, most notably the exposed Memcached servers behind the 2018 records. As a frame of reference, the largest DDoS attack observed so far this year by Cloudflare stands at a little over 550 Gbps.
It is not clear who the target of the 2.3 Tbps attack was, only that it was detected and mitigated by AWS Shield.
"AWS Shield is a managed distributed denial of service protection service that safeguards applications running on AWS. AWS Shield provides always-on detection and automatic inline mitigations that minimize application downtime and latency, so there is no need to engage AWS Support to benefit from DDoS protection," Amazon explains.
In short, AWS Shield monitors network traffic for network volumetric events and places mitigations as needed to protect services and applications running on AWS. Kudos to Amazon.