On November 10, 2016, a large-scale cyberattack occurred. It left Internet services inaccessible to users around the world and affected companies such as Twitter, eBay, and Spotify. The attack was carried out by a botnet of Internet-connected devices, from printers to smart refrigerators and baby monitors.

How to deal with DDoS attacks?

Scaling – AWS offers Route 53, which is hosted in multiple edge locations around the globe, creating a global surface capable of absorbing large amounts of DNS traffic. Amazon CloudFront and AWS Web Application Firewall are also capable of handling large amounts of traffic.

Fault tolerance – Each location has many Internet connections. Having multiple routes makes it possible to isolate faults. Route 53 uses “shuffle sharding” and “anycast striping” to increase availability. With shuffle sharding, each DNS name server in your delegation set corresponds to its own set of locations. This increases fault tolerance and minimizes overlap between AWS customers. If one server is unavailable, the client system retries and gets its response from another server in another location. With anycast striping, requests are directed to the DNS location best placed to answer them. This spreads the load and reduces DNS latency.
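A small simulation of the shuffle-sharding idea described above, added here as an illustration and not AWS's own implementation. The pool size, shard size and customer names are constructed, and the hash-seeded selection is an assumption about how such an assignment could be made.

```python
import hashlib
import random

POOL = 16   # constructed: number of name-server locations in the pool
SHARD = 4   # constructed: name servers handed to each customer


def _digest(customer: str) -> bytes:
    return hashlib.sha256(customer.encode()).digest()


def plain_shard(customer: str) -> frozenset:
    """Classic sharding: the pool is cut into fixed, disjoint groups."""
    group = int.from_bytes(_digest(customer)[:8], "big") % (POOL // SHARD)
    return frozenset(range(group * SHARD, (group + 1) * SHARD))


def shuffle_shard(customer: str) -> frozenset:
    """Shuffle sharding: each customer gets its own combination of nodes."""
    rng = random.Random(_digest(customer))  # deterministic per customer
    return frozenset(rng.sample(range(POOL), SHARD))


def blast_radius(assign, victim: str, customers: list) -> float:
    """Fraction of other customers left with no healthy node when every
    node serving `victim` is saturated by an attack aimed at it."""
    down = assign(victim)
    others = [c for c in customers if c != victim]
    dead = sum(1 for c in others if assign(c) <= down)  # subset test
    return dead / len(others)


CUSTOMERS = [f"customer-{i}" for i in range(1000)]  # constructed tenant names

if __name__ == "__main__":
    for name, fn in (("plain", plain_shard), ("shuffle", shuffle_shard)):
        r = blast_radius(fn, "customer-0", CUSTOMERS)
        print(f"{name:8s} sharding: {r:.1%} of other customers fully down")
```

With fixed shards, every customer in the victim's group loses all of its servers. With shuffled shards, a customer is fully down only if its whole combination coincides with the victim's, so nearly everyone keeps at least one healthy server to retry against.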

Mitigation – AWS Shield Standard protects against 96% of the usual attacks. This includes “SYN/ACK floods” and “HTTP slow read”. The standard service is built automatically and transparently into load balancers, CloudFront distributions, AWS WAF, and Route 53 at no extra cost. AWS Shield Advanced adds further protection to mitigate DDoS attacks, 24×7 access to a DDoS response team, and metrics and real-time reporting.