AWS Shield Standard not preventing DDOS?

0

My website under Route 53 and ALB was flooded once on 12 May, but it seems Shield Standard didn't do anything to prevent it?

Showing 1000 of 9,828,102 records matched:

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.024+08:00	51.15.0.133 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:24 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; Googlebot/2.1; +http://www.google.com/bot.html) Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	51.15.0.133 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 9_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) Version/9.0 Mobile/13B143 Safari/601.1 (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"

2022-05-12T08:01:25.274+08:00	175.178.1.47 - - [12/May/2022:00:01:25 +0000] "GET http://azenv.net/ HTTP/1.1" 200 8216 "-" "Go-http-client/1.1" "-"

2022-05-12T08:01:25.274+08:00	20.231.61.213 - - [12/May/2022:00:01:25 +0000] "CONNECT aj-https.my.com:443 HTTP/1.1" 400 157 "-" "-" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 5.0; SM-G920A) AppleWebKit (KHTML, like Gecko) Chrome Mobile Safari (compatible; AdsBot-Google-Mobile; +http://www.google.com/mobile/adsbot.html)" "-"

2022-05-12T08:01:25.274+08:00	163.172.215.59 - - [12/May/2022:00:01:25 +0000] "GET http://www.1980mu.com:89/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko" "-"

2022-05-12T08:01:25.274+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3599.0 Safari/537.36" "-"

2022-05-12T08:01:25.524+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.18247" "-"

2022-05-12T08:01:25.524+08:00	209.250.242.153 - - [12/May/2022:00:01:25 +0000] "GET http://www.shuishantang88.com/ HTTP/1.1" 200 8216 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like 
Asked 2 years ago, viewed 481 times
2 Answers
1

It seems to me that this would be a layer 7 attack. Just repeatedly doing http requests. AWS Shield Standard does not protect against this kind of attack.

You can easily implement protection for this kind of attack by attaching a WAFv2 rule to the ALB blocking too many requests from the same IP to the ALB.

For additional support and automatic mitigation of this kind of attack you can implement AWS Shield Advanced. This is not free though and the price might not fit your business case.

JaccoPK
Answered 2 years ago
0

It's important to understand that Shield itself only protects against L3/L4 DDoS attacks and it doesn't apply to L7 DDoS attacks. Shield relies on AWS WAF for mitigation of L7 DDoS.

For a CloudFormation stack to deploy AWS WAF, please refer to the solution below; please read the implementation guide to know the nitty-gritty details of this solution. https://aws.amazon.com/solutions/implementations/aws-waf-security-automations/

AWS
Answered 2 years ago
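
The per-IP request limit both answers point to, replayed offline over access-log lines in the format posted in the question. This is an added example, not code from the thread or from AWS; the limit, window, addresses and hosts are constructed, and it goes slightly beyond the answers by also counting the proxy-style requests (absolute-form `GET http://…` and `CONNECT`) visible in the posted log.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Access-log line as shown in the question, with an optional "timestamp<TAB>" prefix.
LINE_RE = re.compile(r'^(?:\S+\t)?(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def parse(line):
    """Return (ip, time, method, target) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["target"]

def over_limit(lines, limit, window=timedelta(minutes=5)):
    """Peak per-IP request count, for IPs exceeding `limit` within a trailing window.
    Assumes lines are in time order, as in a log stream."""
    recent, peaks = defaultdict(deque), {}
    for ip, ts, _, _ in filter(None, map(parse, lines)):
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:      # drop requests older than the window
            q.popleft()
        if len(q) > limit:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks

def proxy_style(lines):
    """Per-IP count of CONNECT or absolute-form targets (GET http://host/...),
    the request shapes visible in the question's log."""
    hits = defaultdict(int)
    for ip, _, method, target in filter(None, map(parse, lines)):
        if method == "CONNECT" or target.lower().startswith(("http://", "https://")):
            hits[ip] += 1
    return dict(hits)

def sample_lines():
    """Constructed sample: documentation-range IPs and placeholder hosts."""
    t0 = datetime(2022, 5, 12, 0, 1, 24, tzinfo=timezone.utc)
    fmt = '{} - - [{}] "{} HTTP/1.1" 200 8216 "-" "Mozilla/5.0" "-"'
    reqs = [("203.0.113.7", "GET http://third-party.example:89/")] * 6
    reqs += [("198.51.100.20", "GET /index.html"), ("192.0.2.9", "CONNECT tunnel.example:443")]
    return [fmt.format(ip, (t0 + timedelta(seconds=i)).strftime("%d/%b/%Y:%H:%M:%S %z"), req)
            for i, (ip, req) in enumerate(reqs)]

if __name__ == "__main__":
    lines = sample_lines()
    print("over limit:", over_limit(lines, limit=5))
    print("proxy-style:", proxy_style(lines))
```

Running the same functions over an exported log shows which sources a given per-IP limit would have caught and which stay under it because the traffic is spread across many addresses.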
