Indirect MITM attack

October 29, 2011

Traffic being sent to an Amazon Web Services ELB (elastic load balancer) intended for a Netflix API server was inadvertently being delivered to a different user, to the tune of over 2M requests over 4 days.

This kind of mix-up could unintentionally cause a "man in the middle" attack, sending private information to a third party who could use the sensitive information for nefarious purposes. But whose fault is it? Did Netflix release the AWS load balancer before updating their DNS and/or waiting long enough (such as 1 or even 2 weeks) for cached records to be changed? Does Amazon have any obligation to hold onto a released IP address for a certain period of time before reissuing it to another customer? Could Amazon have even been the source of the problem, routing an IP to the wrong device or customer?

You can't always know when something outside your control will happen, but you can plan for the potential mix-ups you can think of. In this case, if you're expecting automated traffic that carries authentication information, you can try to limit the damage when that traffic lands in the wrong hands. Single-use keys, or some form of key exchange to initiate the conversation before any customer data is sent, is a good start. Limiting an API key to specific source IP addresses is a nice addition. Unfortunately, these measures require additional resources (more programming, more bandwidth and processing, etc.), but in the end, isn't it worth it? Especially if the sensitive information happens to include data that could be used for financial fraud or identity theft.
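As an added illustration of the two mitigations above (not code from the original post or from Netflix or AWS), here is a server-side gate for automated API traffic: each request carries a one-time HMAC token and is accepted only once, only within a short time window, and only from the client's allowed source ranges, so a request delivered to the wrong host cannot be replayed from there. Client IDs, the shared secret and the IP ranges are constructed sample values.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample client registry (hypothetical IDs, secret and ranges).
SAMPLE_CLIENTS = {
    "netflix-api": {"secret": b"constructed-shared-secret", "allowed": ["10.0.0.0/8"]},
}


class SingleUseKeyGate:
    """Server-side gate: every request carries a one-time HMAC token over
    (client_id, nonce, timestamp). A token is honoured once, inside a short
    window, and only from the client's allowed IPs, so a request that lands on
    the wrong host is useless to whoever received it."""

    def __init__(self, clients, ttl_seconds=60):
        self.ttl = ttl_seconds
        self.clients = {
            cid: {"secret": c["secret"],
                  "allowed": [ipaddress.ip_network(n) for n in c["allowed"]]}
            for cid, c in clients.items()
        }
        self.seen = {}  # (client_id, nonce) -> time of first acceptance

    @staticmethod
    def make_token(secret, client_id, nonce, ts):
        """Client side: derive the per-request token; the secret itself is never sent."""
        msg = f"{client_id}|{nonce}|{ts}".encode()
        return hmac.new(secret, msg, hashlib.sha256).hexdigest()

    def check(self, client_id, nonce, ts, token, source_ip, now):
        """Return (accepted, reason); cheap rejections run before the HMAC compare."""
        # Drop nonces older than the window; such requests fail the expiry check anyway.
        self.seen = {k: t for k, t in self.seen.items() if now - t <= self.ttl}
        client = self.clients.get(client_id)
        if client is None:
            return False, "unknown client"
        if abs(now - ts) > self.ttl:          # stale or future-dated request
            return False, "expired"
        ip = ipaddress.ip_address(source_ip)
        if not any(ip in net for net in client["allowed"]):
            return False, "source ip not allowed"
        expected = self.make_token(client["secret"], client_id, nonce, ts)
        if not hmac.compare_digest(expected, token):
            return False, "bad signature"
        if (client_id, nonce) in self.seen:   # same token presented twice
            return False, "replayed"
        self.seen[(client_id, nonce)] = now
        return True, "ok"
```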

Tags: #Tech #Security #infosec #aws #netflix #API #MITM

Attached Link:

AWS Developer Forums: unusual ELB activity not from my domain …



One Response to Indirect MITM attack

  1. Fred Newtz on November 1, 2011 at 6:23 am

    Yea Cloud! lol.
