AWS Shield

2019/07/22 - AWS Shield - 1 updated api methods

Changes  Adding new VectorType (HTTP_Reflection) and related top contributor types to describe WordPress Pingback DDoS attacks.

DescribeAttack (updated) Link ΒΆ
Changes (response)
{'Attack': {'AttackProperties': {'AttackPropertyIdentifier': ['WORDPRESS_PINGBACK_REFLECTOR',
                                                              'WORDPRESS_PINGBACK_SOURCE']}}}

Describes the details of a DDoS attack.

See also: AWS API Documentation

Request Syntax

client.describe_attack(
    AttackId='string'
)
type AttackId

string

param AttackId

[REQUIRED]

The unique identifier (ID) for the attack that to be described.

rtype

dict

returns

Response Syntax

{
    'Attack': {
        'AttackId': 'string',
        'ResourceArn': 'string',
        'SubResources': [
            {
                'Type': 'IP'|'URL',
                'Id': 'string',
                'AttackVectors': [
                    {
                        'VectorType': 'string',
                        'VectorCounters': [
                            {
                                'Name': 'string',
                                'Max': 123.0,
                                'Average': 123.0,
                                'Sum': 123.0,
                                'N': 123,
                                'Unit': 'string'
                            },
                        ]
                    },
                ],
                'Counters': [
                    {
                        'Name': 'string',
                        'Max': 123.0,
                        'Average': 123.0,
                        'Sum': 123.0,
                        'N': 123,
                        'Unit': 'string'
                    },
                ]
            },
        ],
        'StartTime': datetime(2015, 1, 1),
        'EndTime': datetime(2015, 1, 1),
        'AttackCounters': [
            {
                'Name': 'string',
                'Max': 123.0,
                'Average': 123.0,
                'Sum': 123.0,
                'N': 123,
                'Unit': 'string'
            },
        ],
        'AttackProperties': [
            {
                'AttackLayer': 'NETWORK'|'APPLICATION',
                'AttackPropertyIdentifier': 'DESTINATION_URL'|'REFERRER'|'SOURCE_ASN'|'SOURCE_COUNTRY'|'SOURCE_IP_ADDRESS'|'SOURCE_USER_AGENT'|'WORDPRESS_PINGBACK_REFLECTOR'|'WORDPRESS_PINGBACK_SOURCE',
                'TopContributors': [
                    {
                        'Name': 'string',
                        'Value': 123
                    },
                ],
                'Unit': 'BITS'|'BYTES'|'PACKETS'|'REQUESTS',
                'Total': 123
            },
        ],
        'Mitigations': [
            {
                'MitigationName': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • Attack (dict) --

      The attack that is described.

      • AttackId (string) --

        The unique identifier (ID) of the attack.

      • ResourceArn (string) --

        The ARN (Amazon Resource Name) of the resource that was attacked.

      • SubResources (list) --

        If applicable, additional detail about the resource being attacked, for example, IP address or URL.

        • (dict) --

          The attack information for the specified SubResource.

          • Type (string) --

            The SubResource type.

          • Id (string) --

            The unique identifier (ID) of the SubResource .

          • AttackVectors (list) --

            The list of attack types and associated counters.

            • (dict) --

              A summary of information about the attack.

              • VectorType (string) --

                The attack type, for example, SNMP reflection or SYN flood.

              • VectorCounters (list) --

                The list of counters that describe the details of the attack.

                • (dict) --

                  The counter that describes a DDoS attack.

                  • Name (string) --

                    The counter name.

                  • Max (float) --

                    The maximum value of the counter for a specified time period.

                  • Average (float) --

                    The average value of the counter for a specified time period.

                  • Sum (float) --

                    The total of counter values for a specified time period.

                  • N (integer) --

                    The number of counters for a specified time period.

                  • Unit (string) --

                    The unit of the counters.

          • Counters (list) --

            The counters that describe the details of the attack.

            • (dict) --

              The counter that describes a DDoS attack.

              • Name (string) --

                The counter name.

              • Max (float) --

                The maximum value of the counter for a specified time period.

              • Average (float) --

                The average value of the counter for a specified time period.

              • Sum (float) --

                The total of counter values for a specified time period.

              • N (integer) --

                The number of counters for a specified time period.

              • Unit (string) --

                The unit of the counters.

      • StartTime (datetime) --

        The time the attack started, in Unix time in seconds. For more information see timestamp .

      • EndTime (datetime) --

        The time the attack ended, in Unix time in seconds. For more information see timestamp .

      • AttackCounters (list) --

        List of counters that describe the attack for the specified time period.

        • (dict) --

          The counter that describes a DDoS attack.

          • Name (string) --

            The counter name.

          • Max (float) --

            The maximum value of the counter for a specified time period.

          • Average (float) --

            The average value of the counter for a specified time period.

          • Sum (float) --

            The total of counter values for a specified time period.

          • N (integer) --

            The number of counters for a specified time period.

          • Unit (string) --

            The unit of the counters.

      • AttackProperties (list) --

        The array of AttackProperty objects.

        • (dict) --

          Details of the described attack.

          • AttackLayer (string) --

            The type of distributed denial of service (DDoS) event that was observed. NETWORK indicates layer 3 and layer 4 events and APPLICATION indicates layer 7 events.

          • AttackPropertyIdentifier (string) --

            Defines the DDoS attack property information that is provided. The WORDPRESS_PINGBACK_REFLECTOR and WORDPRESS_PINGBACK_SOURCE values are valid only for WordPress reflective pingback DDoS attacks.

          • TopContributors (list) --

            The array of Contributor objects that includes the top five contributors to an attack.

            • (dict) --

              A contributor to the attack and their contribution.

              • Name (string) --

                The name of the contributor. This is dependent on the AttackPropertyIdentifier . For example, if the AttackPropertyIdentifier is SOURCE_COUNTRY , the Name could be United States .

              • Value (integer) --

                The contribution of this contributor expressed in Protection units. For example 10,000 .

          • Unit (string) --

            The unit of the Value of the contributions.

          • Total (integer) --

            The total contributions made to this attack by all contributors, not just the five listed in the TopContributors list.

      • Mitigations (list) --

        List of mitigation actions taken for the attack.

        • (dict) --

          The mitigation applied to a DDoS attack.

          • MitigationName (string) --

            The name of the mitigation taken for this attack.