Feeds

Bots to blame for Amazon.com outages?

New glitches add to intrigue

SANS - Survey on application security programs

Amazon.com suffered a fresh round of outages on Monday amid speculation that it was under a denial of service attack.

Disruptions hit Amazon's US and UK sites Monday morning California time and lasted for about an hour, according to Keynote Systems, which monitors website performance. People who tried to visit the sites received a message reading: "Http/1.1 Service Unavailable." Amazon's US website experienced similar difficulties that lasted more than two hours on Friday.

Friday's outage coincided with a sustained attack on the Internet Movie Database, a popular site owned by Amazon that uses Amazon IP addresses. At the same time that Amazon's site became unavailable, a single attacker perpetrated a "layer 7" attack on IMDB. It flooded the site with so many requests for images that bandwidth and computing resources weren't able to accommodate legitimate users.

The average rate of the denial-of-service attack was about 3 Mbits/sec, according to this post from a researcher at Narus, which provides real-time traffic intelligence to large network operators.

What's more, shortly after Amazon technicians restored service after Friday's outage, several Register readers reported receiving a new error message that explained they were being blocked from Amazon.com because the requests were suspected to come from a bot or automatic script. Eventually, the problem was corrected.

Taken together, the IMDB attack and the false positives may indicate Amazon was hit by some sort of automatic script that contributed to the outage.

"It is definitely possible that they were undergoing an attack that our probes can't see and they tried to control it by dropping traffic," said Supranamaya Ranjan, a senior member of Narus's technical staff.

In addition to the possibility that miscreants unleashed an attack designed to hobble Amazon's webservers, some people have speculated that the outage was inadvertently caused by bots programmed to scoop up the Metal Gear Solid 4 bundle, an 80-GB pack for the PlayStation3, which went on sale on Amazon on Friday.

Whatever the cause, the outage comes as a pox on the house of Amazon. In addition to being the world's biggest online retailer, it's also trying to convince smaller companies to outsource their mission-critical storage, server and database operations to its Amazon Web Services.

An Amazon spokeswoman declined to discuss the cause of the outages. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Arts and crafts store Michaels says 3 million credit cards exposed in breach
Meanwhile, Target investigators prepare for long process in nabbing hackers
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.