I'm curious if a Denial of Wallet attack can be executed through Route 53. The pricing stands at $0.40 per million queries monthly. I get that pointing DNS records to an AWS resource can help mitigate this risk (as detailed in the AWS documentation), but if that isn't an option, could an attacker potentially generate enough DNS queries to run up a bill exceeding $100? Based on my rough calculations, that would mean sending over 250 million queries in a month, which seems doable. Has anyone ever seen this type of attack in action?
5 Answers
Sure, it's feasible to generate a lot of queries, but the bigger question is why someone would do it. AWS does have robust protections in place, and they would likely kick in quickly to mitigate any potential damage from this kind of attack.
While it's technically possible to run up a bill through Route 53, there are likely easier and more effective methods for malicious actors to exploit AWS. Plus, a $100 bill isn't particularly significant in the grand scheme of things.
To reach a $1000 bill, you'd need to generate around 2.5 billion requests per month, which doesn't seem like a practical attack vector. In fact, most AWS users wouldn't even notice such a charge unless they actively audited their bills.
A query to your domain might not directly hit Route 53 each time since many DNS records are cached by different servers to improve speed. Unless your Time-To-Live (TTL) is set really low, most requests will generally be served from intermediary DNS servers.
Keep in mind that AWS has built-in protections against these kinds of attacks. Although millions of domains are served from fewer DNS servers, AWS has measures like Shield Standard to defend against common DDoS attacks, and Route 53 is part of that.
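An added example, not from this thread, that turns the caching argument above into a billing-exposure estimate: each recursive resolver can re-ask Route 53 for a record at most once per TTL, so the upstream query rate for one name is capped at resolvers / TTL regardless of client traffic. The resolver count, client rate, 30-day month and the flat $0.40-per-million rate quoted in the question are assumptions of the model.

```python
SECONDS_PER_MONTH = 30 * 24 * 3600        # assumed 30-day month
PRICE_CENTS_PER_MILLION = 40              # $0.40 per million queries, as quoted in the question
                                          # (flat rate; no volume tiers modelled)


def authoritative_queries(client_qps: float, resolvers: int, ttl_seconds: int,
                          seconds: int = SECONDS_PER_MONTH) -> float:
    """Estimate how many queries for one record name reach Route 53.

    Clients are assumed to go through `resolvers` distinct caching resolvers.
    A resolver serves repeat lookups from cache for `ttl_seconds`, so the
    authoritative side sees at most resolvers / ttl queries per second.
    With TTL 0 nothing is cached and every client query is billed.
    """
    if ttl_seconds <= 0:
        return client_qps * seconds
    cache_capped_qps = resolvers / ttl_seconds
    return min(client_qps, cache_capped_qps) * seconds


def monthly_cost_usd(queries: float) -> float:
    """Bill in USD for a number of billed queries at the quoted rate."""
    return queries / 1_000_000 * PRICE_CENTS_PER_MILLION / 100


def queries_for_bill(target_usd: float) -> float:
    """Billed queries needed before the bill reaches `target_usd`;
    useful as the threshold for a billing or query-count alarm."""
    return target_usd * 100 / PRICE_CENTS_PER_MILLION * 1_000_000


if __name__ == "__main__":
    # Constructed scenario: 1,000 client queries/s spread over 10,000 resolvers.
    for ttl in (0, 60, 300, 3600):
        q = authoritative_queries(1000, 10_000, ttl)
        print(f"TTL {ttl:>5}s -> {q:>15,.0f} billed queries, ${monthly_cost_usd(q):,.2f}/month")
    print(f"Queries for a $100 bill: {queries_for_bill(100):,.0f}")
```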
