Litcius/Paper detail

CDN Backfired: Amplification Attacks Based on HTTP Range Requests

Weizhong Li, Kaiwen Shen, Runhua Guo, Baojun Liu, Jia Zhang, Haixin Duan, Shuang Hao, Xiarun Chen, Yao Wang

202021 citationsDOI

Abstract

Content Delivery Networks (CDNs) aim to improve network performance and protect against web attack traffic for their hosting websites. And the HTTP range request mechanism is majorly designed to reduce unnecessary network transmission. However, we find the specifications failed to consider the security risks introduced when CDNs meet range requests. In this study, we present a novel class of HTTP amplification attack, Range-based Amplification (RangeAmp) Attacks. It allows attackers to massively exhaust not only the outgoing bandwidth of the origin servers deployed behind CDNs but also the bandwidth of CDN surrogate nodes. We examined the RangeAmp attacks on 13 popular CDNs to evaluate the feasibility and real-world impacts. Our experiment results show that all these CDNs are affected by the RangeAmp attacks. We also disclosed all security issues to affected CDN vendors and already received positive feedback from 12 vendors.

Topics & Concepts

Computer scienceBandwidth (computing)Computer networkServerComputer securityNetwork Security and Intrusion DetectionInternet Traffic Analysis and Secure E-votingSpam and Phishing Detection
CDN Backfired: Amplification Attacks Based on HTTP Range Requests | Litcius