As we know, millions of Australians have not been able to lodge their Census online as the ABS Census site is offline.
We have been reviewing the nature of this outage and it appears the ABS took precautions against the volume of traffic it was expecting. But did it do enough?
The ABS has stated that deliberate attacks from overseas were to blame for this attack. DoS was to blame. Here is webopedia.com’s definition of a DoS attack;
- Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic.
While not useless, traffic from the many real users (census lodgers) hitting the ABS site could also appear to be a DoS attack. However, that may not be what happened in this instance given the ABS states the traffic originated from overseas. The question remains, could or should the ABS have been able to prevent such an attack?
We have done a little bit of digging into the performance of the ABS Census site and whilst it is hard to diagnose these issues from the outside, especially when the site is completely offline, here are a few observations:
- The ABS expected significant traffic and took steps to be prepared;
- They have their application architecture set up to split across what appears to be around 10 isolated units within the hosting infrastructure.
- They have static objects serving from a Content Delivery Network
- They may have performed a large range of other activities which we cannot see from the front end – particularly with the site currently offline
- The site has been flooded with network level requests.
- The graph above, showing extended time to execute an SSL connection indicates packets are not getting through. While most tests conducted did not generate any connection, this one which has, indicates network type congestion.
- The ABS could have done better
- The HTML request for the site is not serving from a CDN
- The site does not appear to have network level DDoS protection
- It appears the architecture of the site means it must not be portable. The ABS could have moved the site to serve from alternate infrastructure
- The system was not build for graceful degradation. There is not even an “outage page” being served at present – Could the ABS repoint the DNS to alternate infrastructure and serve some level of friendly outage page now?
- Modern hosting infrastructure prevents these types of network layer attacks. Did the government procurement system prevent the ABS from having access to these global organisations or settle for a government endorsed supplier?