What’s cloud squatting and how to deal with it?

The vendors can prevent cloud squatting by preventing IP address reuse.

Cloud squatting happens when a company leases space and IP addresses on a public server, uses them, and then releases them back to the cloud vendor. The server space provider, such as Amazon, Google, or Microsoft, then assigns the same addresses to another company. If the new company is a bad actor, it could take advantage of information that still arrives at the address but was intended for the previous organisation.

The study conducted by Penn State researchers on a small fraction of IP addresses on Amazon Web Services showed over 5,400 organisations, including 23 of the top 1000 websites, potentially affected. “Because of how our study was structured, the actual number of affected organisations is likely far higher,” said Eric Pauley. Examples of the leaked data included mobile devices sending analytics and tracking data intended for other organisations; financial services organisations sending transaction data between their various cloud services; and domain names for government websites pointing to IP addresses they no longer controlled.

[Figure: The cloud squatting process. Source: Penn State paper]


The experiment 

The team conducted a study to determine if cloud tenants were vulnerable to such attacks and to quantify the extent of the problem. The study was carried out in compliance with Amazon’s Vulnerability Reporting program. The team set up a series of cloud server rentals from Amazon Web Services and rented server space for 10-minute intervals. Within this time, they received information addressed to the previous tenants and moved to another server location. The cycle was repeated several times, but they did not ask for or send any information.

The team received 5 million cloud messages, many containing sensitive data such as financial transactions, GPS locations, and personally identifiable information. Further, they identified dozens of exploitable software systems spanning hundreds of servers and 5,446 exploitable domains, including 23 in the top 1,000 popular domains. The results were observed across government, academic, and industrial organisations.


The team also discovered three major root causes for this:

A. Lack of organisational controls

B. Poor service hygiene

C. Failure to follow best practices. 

One of the researchers, Patrick McDaniel, spoke about how the team did not receive health data but said an adversary might receive such data. For instance, one of their IP addresses received requests to the Health and Human Services website, HHS.gov. “We did not further interact, but others could pretend to be an HHS service and get people to interact,” he said. 


After identifying the key issues, the research team suggested solutions to address cloud squatting concerns for both cloud vendors and the clients who rent server space. 

The vendors can prevent cloud squatting by preventing IP address reuse. Additionally, they can create reserved IP address blocks. Here, a large client organisation could be assigned a fixed range of addresses that are recycled only within the company. Organisations can also bring their own IP addresses to the cloud or use private IP addresses.

When designing services on public clouds, organisations should ensure that references to service IPs are managed either by the cloud provider or by a configuration manager or policy. Organisations should also prevent lingering references and ensure they never directly reference IP addresses. Instead, companies can refer to their servers through DNS.


On the client side, users can avoid leaving behind IP address configurations that linger after cloud server IP addresses are released. While this is a rarity, the researchers identified that organisations have little visibility into how different accounts use cloud computing capabilities.
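One way to audit for the lingering references described above, added here as an illustration and not taken from the article or the Penn State paper: the script flags DNS A records and hard-coded IP literals in configuration that point at addresses the organisation no longer holds. The inventory, reserved block, host names and addresses (documentation ranges) are constructed sample data, and treating reserved and private ranges as safe is an assumption of this example.

```python
import ipaddress
import re

# Constructed inventory: addresses currently leased, plus ranges that are
# never handed to another tenant (a reserved/BYOIP block and RFC 1918 space).
ALLOCATED = {ipaddress.ip_address(a) for a in ("203.0.113.10", "203.0.113.11")}
NON_REUSABLE = [ipaddress.ip_network(n) for n in (
    "198.51.100.0/24", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

DNS_RECORDS = """\
www.example.org.      300 IN A     203.0.113.10
api.example.org.      300 IN A     203.0.113.77
legacy.example.org.   300 IN A     198.51.100.5
internal.example.org. 300 IN A     10.0.4.20
cdn.example.org.      300 IN CNAME lb.provider.example.
"""
APP_CONFIG = """\
payments_backend = https://203.0.113.99:8443/v1
metrics_sink = https://metrics.example.org/ingest
cache_host = 203.0.113.11
"""

def is_controlled(ip):
    """True if the address is held now or cannot be reassigned to others."""
    return ip in ALLOCATED or any(ip in net for net in NON_REUSABLE)

def dangling_a_records(zone_text):
    """Return (name, ip) for A records pointing at addresses we do not hold."""
    findings = []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[2] == "IN" and fields[3] == "A":
            ip = ipaddress.ip_address(fields[4])
            if not is_controlled(ip):
                findings.append((fields[0], str(ip)))
    return findings

def hardcoded_ips(config_text):
    """Return (key, ip, status) for every IP literal in key = value lines."""
    findings = []
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        for match in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(match)
            except ValueError:
                continue  # digits and dots that are not a valid address
            status = "held" if is_controlled(ip) else "stale"
            findings.append((key.strip(), str(ip), status))
    return findings
```

Entries marked "held" are still direct IP references and are candidates for replacement with DNS names; entries marked "stale" and any dangling A record need immediate cleanup.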


Avi Gopani
Avi Gopani is a technology journalist that seeks to analyse industry trends and developments from an interdisciplinary perspective at Analytics India Magazine. Her articles chronicle cultural, political and social stories that are curated with a focus on the evolving technologies of artificial intelligence and data analytics.
