My Cat Alerted Me to a DDoS Attack

🌈 Abstract

The article describes how the author's cat woke them up in the middle of the night, alerting them to a distributed denial-of-service (DDoS) attack on their company's website.

🙋 Q&A

[01] My Cat Alerted Me to a DDoS Attack

1. What happened that led the author to discover the DDoS attack?

• The author's cat woke them up in the middle of the night by grooming their hair, which was unusual behavior.
• The author then noticed an AWS CloudWatch alert about unhealthy targets for their load balancer.
• When the author tried to access their website, it didn't load, so they logged onto their work laptop.
• The monitoring dashboard showed a massive number of requests coming from many IP addresses in different countries, indicating a DDoS attack.

2. How did the author initially respond to the DDoS attack?

• The author's first thought was to block IP addresses at the server level, but they realized this would be tedious and potentially ineffective.
• The author then remembered they had already set up AWS Web Application Firewall and used it to block requests from other countries, which stopped the flood of requests and restored their website.

3. What happened after the author resolved the immediate outage?

• The author's company received an email from the attacker claiming to have found a vulnerability that crashed their website, and offering a "solution file" for $5,000 in Bitcoin.
• The company did not reply to the email, though the author thought it could have been fun to troll the attacker.

4. How did the author interpret their cat's unusual behavior?

• The author found it hard to believe the perfect timing of their cat waking them up, as the AWS alert did not make any sound to wake the cat.
• The author likes to think the cat somehow sensed something was wrong and couldn't wait until morning to alert them, making it a more pleasant way to be woken up than a blaring PagerDuty alarm.