DDoS attack on DNS hits Amazon and others briefly
Internet users in Northern California were unable to reach properties including Amazon.com and Amazon Web Services for a time Wednesday evening, as their DNS provider was targeted by a distributed denial-of-service attack. The attack came as North American consumers rushed to finish online shopping ahead of the end-of-year holiday season.
Amazon Web Services (AWS) was the first to signal something was amiss. Its status page indicates that at 5:43 p.m. Pacific Time on Wednesday its staff was investigating reports of DNS (Domain Name System) resolution errors from customers trying to reach its S3 cloud storage service. The problem persisted until 6:38 p.m. Pacific Time, but in the meantime the S3 service continued to operate, AWS said.
However, staff at Neustar, the owner of Amazon’s DNS provider UltraDNS, was aware of the problem around an hour earlier, at 4:45 p.m. Pacific Time.
“At 7:45 p.m. Eastern Time we noticed an abnormal spike in queries and immediately identified it as a DDoS attack,” said Allen Goldberg, vice president of corporate communications at Neustar, in an e-mail.
The company was able to analyze the attack pattern and take steps to limit its effects within minutes of identifying the problem, he said.
“We had everything under control well under an hour. The attack was limited to Northern California Internet users,” he said.
Other AWS cloud services in North America experienced similar problems, including the Virginia and Northern California data centers hosting EC2, the Elastic Compute Cloud. The company’s SimpleDB and Simple Queue Service servers, and all AWS servers in Ireland, were unaffected by the DNS problem.
The outage affected the e-commerce servers of parent company Amazon.com too, and many others: “Tons of sites are offline,” wrote Jeff Barr, Amazon Web Services strategist, in a Twitter message.
Others reported that sites including Second Life were also experiencing problems.