What’s cloud squatting and how to deal with it?

The vendors can prevent cloud squatting by preventing IP address reuse.

Cloud squatting happens when a company leases space and IP addresses on a public server, uses them, releases the space, and sends them back to the cloud vendors. The server space providers such as Amazon, Google, or Microsoft assign the same addresses to another company. If the new company is a bad actor, it could take advantage of the information coming into the address intended for the previous organisation.

The study conducted by Penn State researchers on a small fraction of IP addresses on Amazon Web Services showed over 5,400 organisations, including 23 of the top 1000 websites, potentially affected. “Because of how our study was structured, the actual number of affected organisations is likely far higher,” said Eric Pauley. Examples of the leaked data included mobile devices sending analytics and tracking data intended for other organisations; financial services organisations sending transaction data between their various cloud services; domain names for government websites pointed to IP addresses they no longer controlled. 


Sign up for your weekly dose of what's up in emerging technology.

The cloud squatting process/ Source: Penn State Paper

The experiment 

The team conducted a study to determine if cloud tenants were vulnerable to such attacks and to quantify the extent of the problem. The study was carried out in compliance with Amazon’s Vulnerability Reporting program. The team set up a series of cloud server rentals from Amazon Web Services and rented server space for 10-minute intervals. Within this time, they received information addressed to the previous tenants and moved to another server location. The cycle was repeated several times, but they did not ask for or send any information.

The team received 5 million pieces of cloud messages, many containing sensitive data of financial transactions, GPS location, and personally identifiable information. Further, they identified dozens of exploitable software systems spanning hundreds of servers and 5,446 exploitable domains, including 23 in the top 1,000 popular domains. The results were observed across government, academic, and industrial organisations. 

The team also discovered three major root causes for this:

A. Lack of organisational controls

B. Poor service hygiene

C. Failure to follow best practices. 

One of the researchers, Patrick McDaniel, spoke about how the team did not receive health data but said an adversary might receive such data. For instance, one of their IP addresses received requests to the Health and Human Services website, HHS.gov. “We did not further interact, but others could pretend to be an HHS service and get people to interact,” he said. 


After identifying the key issues, the research team suggested solutions to address cloud squatting concerns for both cloud vendors and the clients who rent server space. 

The vendors can prevent cloud squatting by preventing IP address reuse. Additionally, they can create reserved IP address blocks. Here, a large client organisation could be assigned a fixed range of recyclable addresses within the company. Organisations can also bring their own IP addresses in the cloud or private IP addresses.

When designing services on public clouds, it should be ensured that references to service IPs are either managed by the cloud provider or some configuration manager or policy. Organisations should also prevent lingering references and ensure they never directly reference IP addresses. Instead, companies can refer to their servers through DNS. 

Source: Penn State Paper

Users can avoid producing IP address configurations that linger after cloud server IP addresses are let go from the client-side. While this is a rarity, the researchers identified that organisations have little visibility into how different accounts use cloud computing capabilities.

More Great AIM Stories

Avi Gopani
Avi Gopani is a technology journalist that seeks to analyse industry trends and developments from an interdisciplinary perspective at Analytics India Magazine. Her articles chronicle cultural, political and social stories that are curated with a focus on the evolving technologies of artificial intelligence and data analytics.

Our Upcoming Events

Conference, in-person (Bangalore)
Machine Learning Developers Summit (MLDS) 2023
19-20th Jan, 2023

Conference, in-person (Bangalore)
Rising 2023 | Women in Tech Conference
16-17th Mar, 2023

Conference, in-person (Bangalore)
Data Engineering Summit (DES) 2023
27-28th Apr, 2023

Conference, in-person (Bangalore)
MachineCon 2023
23rd Jun, 2023

3 Ways to Join our Community

Discord Server

Stay Connected with a larger ecosystem of data science and ML Professionals

Telegram Channel

Discover special offers, top stories, upcoming events, and more.

Subscribe to our newsletter

Get the latest updates from AIM