RangeAmp attacks can take down websites and CDN servers

Category: IT Technology · Published: 4 years ago


A team of Chinese academics has found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs).

Named RangeAmp, this new Denial-of-Service (DoS) technique exploits incorrect implementations of the HTTP "Range Requests" attribute.

HTTP Range Requests are part of the HTTP standard and allow clients (usually browsers) to request only a specific portion (range) of a file from a server. The feature was created for pausing and resuming traffic in controlled (pause/resume actions) or uncontrolled (network congestion or disconnections) situations.

The HTTP Range Requests standard has been under discussion at the Internet Engineering Task Force (IETF) for more than half a decade, but, due to its usefulness, has already been implemented by browsers, servers, and CDNs.

Two RangeAmp attacks discovered

Now, a team of Chinese academics says that attackers can use malformed HTTP Range Requests to amplify how web servers and CDN systems react when having to deal with a range request operation.

The team says two different RangeAmp attacks exist.

The first is called a RangeAmp Small Byte Range (SBR) attack. In this case [see (a) in the image below], the attacker sends a malformed HTTP range request to the CDN provider, which amplifies the traffic towards the destination server, eventually crashing the targeted site.

The second is called a RangeAmp Overlapping Byte Ranges (OBR) attack. In this case [see (b) in the image below], the attacker sends a malformed HTTP range request to a CDN provider, and, in cases where the traffic is funneled through other CDN servers, the traffic is amplified inside the CDN networks, crashing CDN servers and rendering both the CDNs and many other destination sites inaccessible.

[Image: Weizhong et al.]
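The defensive counterpart to the two attack classes above is to vet the Range header before a cache or proxy acts on it: RFC 7233 section 6.1 already advises servers to ignore, coalesce, or reject "egregious" range requests such as overlapping ranges or many small ranges. The following is an added example of such a check, not code from the paper or from any of the CDN vendors named; the `max_ranges` threshold and the "fetch the whole object on any Range request" model behind `origin_amplification` are assumptions.

```python
import re

# RFC 7233 byte-range unit; other units are not handled here.
RANGE_RE = re.compile(r"^\s*bytes\s*=\s*(.+?)\s*$", re.I)


def parse_byte_ranges(header, size):
    """Parse a 'bytes=' Range header against a representation of `size` bytes.
    Returns inclusive (first, last) pairs; raises ValueError when malformed."""
    m = RANGE_RE.match(header)
    if not m or size <= 0:
        raise ValueError("unsupported range unit or empty representation")
    ranges = []
    for spec in m.group(1).split(","):
        first, dash, last = spec.strip().partition("-")
        if dash != "-" or not (first or last) or not (first + last).isdigit():
            raise ValueError(f"malformed range-spec {spec!r}")
        if not first:                      # suffix form "-N": the last N bytes
            n = int(last)
            if n == 0:
                raise ValueError("zero-length suffix range")
            ranges.append((max(0, size - n), size - 1))
            continue
        start = int(first)
        end = int(last) if last else size - 1
        if start >= size or start > end:
            raise ValueError(f"unsatisfiable range-spec {spec!r}")
        ranges.append((start, min(end, size - 1)))
    return ranges


def vet_range_request(header, size, max_ranges=8):
    """Accept or reject a Range header per the RFC 7233 s6.1 advice.
    Returns (accept, reason, ranges); max_ranges is an assumed policy value."""
    try:
        ranges = parse_byte_ranges(header, size)
    except ValueError as exc:
        return (False, f"reject: {exc}", [])
    if len(ranges) > max_ranges:
        return (False, f"reject: {len(ranges)} ranges exceeds {max_ranges}", ranges)
    ordered = sorted(ranges)
    for (s1, e1), (s2, e2) in zip(ordered, ordered[1:]):
        if s2 <= e1:                       # OBR pattern: ranges overlap
            return (False, f"reject: overlapping {s1}-{e1} and {s2}-{e2}", ranges)
    return (True, "accept", ranges)


def origin_amplification(ranges, size):
    """SBR exposure of a cache that pulls the whole object from origin for any
    Range request: origin bytes fetched divided by bytes the client asked for."""
    requested = sum(e - s + 1 for s, e in ranges)
    return size / requested
```

A front end that forwards only the vetted ranges to origin (or fetches fixed-size chunks) keeps `origin_amplification` near 1, which is the SBR mitigation; rejecting overlaps addresses the OBR case.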

Academics said they tested RangeAmp attacks against 13 CDN providers and found that all were vulnerable to the RangeAmp SBR attack, and six were also vulnerable to the OBR variant when used in certain combinations.

Researchers said the attacks were very dangerous and required a minimum of resources to carry out. Of the two, RangeAmp SBR attacks could amplify traffic the most.

The research team found that attackers could use a RangeAmp SBR attack to inflate traffic from 724 to 43,330 times the original traffic.

[Image: Weizhong et al.]

RangeAmp OBR attacks were a little harder to carry out, as the six vulnerable CDNs needed to be in specific (master-surrogate) configurations, but when those conditions were met, researchers said OBR attacks could also be used to inflate traffic inside a CDN network with amplification factors of up to nearly 7,500 times the initial packet size.

[Image: Weizhong et al.]

Of the two, OBR attacks were considered more dangerous, as attackers could take down entire chunks of a CDN provider's network, bringing down connectivity for thousands of websites at a time.

CDN vendors notified seven months ago

Academics said that for the past few months they have been silently contacting the affected CDN providers and disclosing the details of the RangeAmp attack.

Of the 13 CDN providers, researchers said that 12 responded positively and either rolled out or said they planned to roll out updates to their HTTP Range Request implementation.

The list includes Akamai, Alibaba Cloud, Azure, Cloudflare, CloudFront, CDNsun, CDN77, Fastly, G-Core Labs, Huawei Cloud, KeyCDN, and Tencent Cloud.

"Unfortunately, although we have sent them emails several times and have tried to reach out to their customer services, StackPath did not provide any feedback," the research team said.

"In general, we have tried our best to responsibly report the vulnerabilities and provide mitigation solutions. The related CDN vendors have had nearly seven months to implement mitigation techniques before this paper was published."

Each CDN provider's reply, along with technical details about the RangeAmp attacks, is available in the research team's paper, entitled "CDN Backfired: Amplification Attacks Based on HTTP Range Requests," which can be downloaded in PDF format.

The paper will be presented in July at the IEEE/IFIP DSN 2020 virtual conference, where it's one of the three papers nominated for the Best Paper Award.

