high

AWS Direct Connect route injection issue

Published Thu, Aug 15th, 2024
Platforms

Summary

A Direct Connect customer advertised, over BGP on a public virtual interface, a prefix they did not own; the advertisement came from a typo in the customer's configuration. AWS accepted the route, so traffic from EC2 instances destined for addresses in that prefix was forwarded to the customer's Direct Connect link instead of the legitimate external systems, effectively hijacking AWS-sourced traffic and breaking connectivity between EC2 instances and those systems.

Affected Services

EC2, Direct Connect

Remediation

No customer action required. AWS has improved its process for validating IP prefix ownership on Direct Connect public virtual interfaces.

Tracked CVEs

No tracked CVEs

References

Entry Status
Stub (AI-Generated)
Disclosure Date
Thu, May 16th, 2024
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
Monitor for unexpected routing changes or connectivity failures between EC2 instances and external IP addresses. Use mtr or traceroute to record the path to affected destinations and compare it against a known-good baseline; a path that diverges onto unexpected hops, or that never reaches the destination, points to a mis-routed prefix.
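As an added example (not part of this entry or of the original report), the following Python script turns the traceroute advice above into a repeatable check: it parses traceroute output, compares the current path against a baseline, and flags any hop that falls outside an allow-list of expected transit networks or a destination that is never reached. The destination 203.0.113.10, the transit ranges, the 192.0.2.0/24 block used for the unexpected hop, and both traceroute transcripts are constructed sample values, not data from the incident.

```python
import ipaddress
import re
import shutil
import subprocess

# Regex for an IPv4 address anywhere in a traceroute hop line.
IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

# Assumed values for this example (not data from the incident): the external
# destination, and the networks a healthy path from the VPC is expected to
# traverse, baselined beforehand from known-good traceroutes.
DESTINATION = "203.0.113.10"
ALLOWED_TRANSIT = ["10.0.0.0/8", "100.64.0.0/10", "198.51.100.0/24"]

# Constructed `traceroute -n` output for a healthy path.
EXPECTED_TRACE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.0.1  0.3 ms  0.3 ms  0.4 ms
 2  100.65.0.1  1.2 ms  1.1 ms  1.2 ms
 3  198.51.100.17  4.8 ms  4.9 ms  4.7 ms
 4  203.0.113.10  9.1 ms  9.0 ms  9.2 ms
"""

# Constructed output for the failure mode: traffic leaves via a hop in
# 192.0.2.0/24 (standing in for a hypothetical Direct Connect customer's
# network) and the destination is never reached.
HIJACKED_TRACE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  10.0.0.1  0.3 ms  0.3 ms  0.4 ms
 2  100.65.0.1  1.2 ms  1.1 ms  1.2 ms
 3  192.0.2.254  3.9 ms  3.8 ms  4.0 ms
 4  * * *
 5  * * *
"""


def parse_traceroute(text):
    """Return one entry per hop: the responding IPv4 address, or None for '* * *'."""
    hops = []
    for line in text.splitlines():
        line = line.strip()
        if not line or not line[0].isdigit():
            continue  # skip the "traceroute to ..." header and blank lines
        parts = line.split(None, 1)
        body = parts[1] if len(parts) > 1 else ""
        match = IPV4.search(body)
        hops.append(match.group(1) if match else None)
    return hops


def first_divergence(baseline, current):
    """Return the 1-based hop index where `current` first differs from
    `baseline`, or None if the two paths are identical."""
    for idx, (a, b) in enumerate(zip(baseline, current), 1):
        if a != b:
            return idx
    if len(baseline) != len(current):
        return min(len(baseline), len(current)) + 1
    return None


def analyze_path(hops, destination, allowed_transit):
    """Return a list of findings for a path; an empty list means it looks normal."""
    findings = []
    dest = ipaddress.ip_address(destination)
    allowed = [ipaddress.ip_network(cidr) for cidr in allowed_transit]
    responding = [h for h in hops if h is not None]
    last = responding[-1] if responding else None
    if last != destination:
        findings.append("destination %s not reached (last responding hop: %s)"
                        % (destination, last))
    for idx, hop in enumerate(hops, 1):
        if hop is None:
            continue
        addr = ipaddress.ip_address(hop)
        if addr == dest or any(addr in net for net in allowed):
            continue
        findings.append("hop %d (%s) is outside the expected transit networks"
                        % (idx, hop))
    return findings


def capture_path(destination, timeout_s=2):
    """Run the system traceroute (if installed) and return the parsed hops.
    Not exercised offline; included so the check can run against live hosts."""
    exe = shutil.which("traceroute")
    if exe is None:
        raise RuntimeError("traceroute not found on PATH")
    out = subprocess.run([exe, "-n", "-w", str(timeout_s), destination],
                         capture_output=True, text=True, check=False).stdout
    return parse_traceroute(out)


if __name__ == "__main__":
    baseline = parse_traceroute(EXPECTED_TRACE)
    for label, text in (("expected", EXPECTED_TRACE), ("hijacked", HIJACKED_TRACE)):
        hops = parse_traceroute(text)
        print(label, "diverges from baseline at hop", first_divergence(baseline, hops))
        for finding in analyze_path(hops, DESTINATION, ALLOWED_TRANSIT):
            print("   ", finding)
```

In practice the allow-list and baseline would be recorded per destination from healthy traceroutes and the check scheduled from an EC2 instance; `capture_path` shows the live-capture side, while the two embedded transcripts let the logic be exercised offline.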
Piercing Index Rating
-
Discovered by
Jamie Finnigan