Someone or something started hitting the api/login information very hard. It seemed to be around
coolspam at mailinator.com possibly doing a LOT of password reset attempts.
We put in a block at the load balance level for those specific names, but should come up with a long term plan to better limit these kinds of attacks.
Usage went up more than 100,000 requests a minute. The user did stop before we implemented the block.
Detailed Description
Someone or something started hitting the api/login information very hard. It seemed to be around coolspam at mailinator.com possibly doing a LOT of password reset attempts.
We put in a block at the load balance level for those specific names, but should come up with a long term plan to better limit these kinds of attacks.
Usage went up more than 100,000 requests a minute. The user did stop before we implemented the block.
Alternatives / Possible Implementation
WAF added to LB - https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based.html | https://stackoverflow.com/questions/35301914/how-can-i-set-aws-elb-block-too-many-queries-from-a-given-ip
App based