The AWS S3 Denial of Wallet Amplification Attack
The AWS S3 Denial of Wallet Amplification Attack
5 comments
-
-
Would adding Cloudfront in front of the s3 bucket prevent against this type of attack? Does canceling the connection to the cloudfront distribution cause the same behavior with regard to s3 egress?
its worse than this.
another, far worse wallet attack can also be used if they know the bucket name youre using in S3. they can generate an obscene amount of invalid requests you pay for that quickly ads up, and amazons response is 'so?'
The lead of s3 actually did indicate that they are planning changes in response to that article. Hopefully we see a change there soon.
Edit: found the link
thank pasta. this 'security through obscurity' policy is freakin me out