AWS Shield Standard not preventing DDOS?

0

My website under Route 53 and ALB was flooded once on 12 May, but it seems Shield Standard didn't do anything to prevent it?

Showing 1000 of 9,828,102 records matched:

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"

2022-05-12T08:01:25.274+08:00	175.178.1.47 - - [12/May/2022:00:01:25 +0000] "GET http://azenv.net/ HTTP/1.1" 200 8216 "-" "Go-http-client/1.1" "-"

2022-05-12T08:01:25.274+08:00	20.231.61.213 - - [12/May/2022:00:01:25 +0000] "CONNECT aj-https.my.com:443 HTTP/1.1" 400 157 "-" "-" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.524+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247" "-"

2022-05-12T08:01:25.524+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like 
Asked 2 years ago · 481 views
2 Answers
1

It seems to me that this would be a layer 7 attack. Just repeatedly doing HTTP requests. AWS Shield Standard does not protect against this kind of attack.

You can easily implement protection for this kind of attack by attaching a WAFv2 rule to the ALB blocking too many requests from the same IP to the ALB.

For additional support and automatic mitigation of this kind of attack, you can implement AWS Shield Advanced. This is not free, though, and the price might not fit your business case.

JaccoPK
Answered 2 years ago
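
An added example, not part of the answer above and not AWS code: a Python script that reads access-log lines in the format shown in the question and reports which client IPs would exceed a per-IP request limit inside a sliding five-minute window, which helps when choosing the limit for a WAF rate-based rule. It also lists clients sending `CONNECT` or an absolute-URI request for a host other than your own, the pattern visible in the question's log. The sample lines, addresses and host names are constructed, the function names and `own_hosts` are assumptions, and the sliding window only approximates how WAF counts requests.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Same field layout as the access-log lines in the question.
LINE_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)')

def parse(lines):
    """Return (ip, time, method, target) for every line that matches."""
    found = (LINE_RE.search(line) for line in lines)
    return [(m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
             m["method"], m["target"]) for m in found if m]

def peak_per_ip(events, window=timedelta(minutes=5)):
    """Highest request count each IP reaches inside any sliding window."""
    times = defaultdict(list)
    for ip, ts, _, _ in events:
        times[ip].append(ts)
    peaks = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] >= window:
                start += 1
            peaks[ip] = max(peaks.get(ip, 0), end - start + 1)
    return peaks

def would_block(events, limit):
    """IPs whose peak exceeds `limit`: the ones a per-IP rate rule would catch."""
    return {ip: n for ip, n in peak_per_ip(events).items() if n > limit}

def foreign_targets(events, own_hosts):
    """IPs sending CONNECT, or an absolute-URI target for a host that is not ours."""
    hits = set()
    for ip, _, method, target in events:
        host = urlsplit(target).hostname if "://" in target else None
        if method == "CONNECT" or (host and host not in own_hosts):
            hits.add(ip)
    return hits

# Constructed sample: documentation-range addresses and placeholder hosts.
BURST = ['198.51.100.7 - - [12/May/2022:00:01:%02d +0000] '
         '"GET http://other.example:89/ HTTP/1.1" 200 8216 "-" "UA" "-"' % s
         for s in range(20, 26)]
SAMPLE = BURST + [
    '203.0.113.9 - - [12/May/2022:00:01:25 +0000] "GET / HTTP/1.1" 200 8216 "-" "UA" "-"',
    '203.0.113.9 - - [12/May/2022:00:09:25 +0000] "GET / HTTP/1.1" 200 8216 "-" "UA" "-"',
    '192.0.2.44 - - [12/May/2022:00:01:25 +0000] "CONNECT mail.example:443 HTTP/1.1" 400 157 "-" "-" "-"']
```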
0

It's important to understand that Shield itself only protects against L3/L4 DDoS attacks and it doesn't apply to L7 DDoS attacks. Shield relies on AWS WAF for mitigation of L7 DDoS.

For a CloudFormation stack to deploy AWS WAF, please refer to the solution below, and please read the implementation guide to know the nitty-gritty details of this solution: https://aws.amazon.com/solutions/implementations/aws-waf-security-automations/

AWS
Answered 2 years ago
