Tim Bass
07-31-2008 08:09 AM
We have seen a lot of discussions of cloud computing in the news recently, as a technology to permit “users to access technology-enabled services*without knowledge of, expertise with, nor control over the technology infrastructure that supports them.”* *This sound great doesn’t it?!* *Users with little to no IT expertise can log into the cloud and launch 8 instances of a server with the equivalence of 16 high performance CPU cores.* *However, as we all know, all things, including cool technologies have the potential for both good and evil, opportunity or threat; and cloud computing is no different.

It just so happens that I have been experimenting with Amazon Elastic Computing Services (EC2), documented in Computing in the Clouds with AWS over at The CEP Blog.* The server over at The UNIX and Linux Forums have been experiencing some very hardware-limited, high load averages recently. We thought we should take a look at moving the forum server up to the clouds.* *

Then, a fellow system admin over at the forums suggested that maybe some rogue bots were causing high server loads; so I wrote a one-line command to do a bit of real-time spider hunting in the Apache2 logfiles.* Surprise!* I found there were a number of rogue, hungry spiders that would not follow our robots.txt directive not to crawl the site.* *One of the bots was from Russia, one was from China, and another one was from Korea.* There were spiders from places I never heard of, all consuming precious* resources and denying our users!

So, I did what any Linux admin would do. I used iptables to block the networks of these rogue, hungry, spiders (sorry I was not very kind to these cyber creatures).* It probally comes to no surprise at this point in the story that four of the spiders were from the Amazon EC2 cloud.* Here is a sample of the output from iptable -L:

root@www:~# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all — 195.169.219.0/24
DROP all — ec2-67-202-45-0.compute-1.amazonaws.com/24
DROP all — ec2-75-101-243-0.compute-1.amazonaws.com/24
DROP all — ec2-75-101-197-0.compute-1.amazonaws.com/24
DROP all — ec2-75-101-213-0.compute-1.amazonaws.com/24

Well, imagine a not-so-distant future dystopian world where criminals or terrorists want to launch a massive denial-of-service attack against some critical infrastructure, like the root DNS servers, or maybe attack major financial institutions, military or e-commerce sites.* *

First, the bad guys create an instance of powerful operating system with a malicious network application, they test it, and they place it the cloud (without invoking the instance, paying a very small storage fee, no computing time fee) and they wait.* *Then, at the precise moment of their planned attack, they launch 128 instances each with the equivalence of whatever is the mega-platform at the time, and just blast away at their attack target(s).* * Even more damaging, they do this from many cloud computing infrastructures.* (Note: The cost of the attack is minimal because the criminals are only charged a few pennies an hour for each running instance and the attack runs an hour or two.)

My experience with cloud computing, which is still maturing, is that cloud computing has great promise for both good and evil.* The very real example of the “spiders from the clouds” is a harmless enough story of folks using a cloud computing infrastructure for web crawling, perhaps hoping to be the next Google billionaires.*

One the other hand, cloud computing brings with it an emerging and growing danger for the misuse of the power of cloud computing infrastructures.* *The misuse could be malicous, or accidental, but never-the-less, the danger is real.

What an interesting world we have created!* Would would have ever dreamed 10 years ago that we could be attacked by ……

#include

…. Spiders from the Clouds.

Reprinted by permission from The Attack of the Spiders from the Clouds by Tim Bass, CISSP



Source...