posted by: Eric Siegel
I see that Amazon.com has been having problems for the past few days. Some folks are talking about configuration or internal problems, but I think that there is reasonable chance that they are struggling under traffic congestion caused by a bot attack. Traceroute shows horrible round-trip times to adjacent nodes; it would make sense that they would be trying to offload workload by simply responding with a thin low-bandwidth page while the techs are trying to track down and suppress the incoming bots.
If they're being attacked, I guess that they're being attacked by bots that are being very smart -- not just a simple connect-type attack. Maybe they actually do a transaction step or two, so that it's difficult to identify an incoming attack and distinguish it from a legitimate transaction without burning staggering amounts of CPU power. The bots have infinite cpu available; Amazon doesn't. Whoops.
I wonder what Akamai has to say about all of this? This is the kind of attack profile that they claim to handle well, using Edge Side Includes to verify the cookies and validate incoming requests before forwarding them to the "real" servers.
Comments