In a different experiment, the targeted test server was set up inside a separate cloud instance from the same provider in order to test if the provider would detect malicious traffic sent over its own internal network. A third experiment involved the targeted server running inside a cloud instance at a different cloud provider in order to test how that provider would deal with incoming malicious traffic.
The experiments involved sending malformed network packets and performing aggressive port scanning; sending malware to the victim host via a reverse shell; performing a denial of service attack against a Web server running on the targeted host, performing a brute-force FTP password cracking attack; launching SQL injection, cross-site scripting, path traversal and other attacks against popular Web applications running on the targeted host; and sending known exploit payloads to various services running on the host.
In one experiment, some types of malicious activity, like port scanning, were executed for 48 hours in order to see if a large traffic volume and longer attack duration would trigger a response from the cloud provider.
“The results of the experiment showed that no connections were reset or terminated when transmitting inbound and outbound malicious traffic, no alerts were raised to the owner of the accounts, and no restrictions were placed on the Cloud instances,” Stratsec senior consultant Pedram Hayati said Monday in a blog post [http://stratsec.blogspot.com.au].
“Computing is becoming cheaper and cheaper and for something like $10 one can buy enough computing power to take down a small website for a few hours,” Costin Raiu, director of the Global Research & Analysis Team at antivirus vendor Kaspersky Lab, said Tuesday via email. “The experiment suggests that providers BAE looked at may not be prioritizing monitoring for malicious traffic and the sound implementation of security measures that you’d expect to be implemented on a corporate network,” David Harley, a senior research fellow at antivirus vendor ESET, said Tuesday via email.
http://www.arnnet.com.au/article/440522/lack_abuse_detection_allows_cloud_computing_instances_used_like_botnets_study_says/