Indusface secures Web Applications of 2000+ global customers that integrate WAS, WAF, CDN & threat information engines.
DoS attacks aren’t anything new. But with organizational technology stacks becoming increasingly complex, there are always new variables that can lead to unexpected behaviors. Hackers are constantly looking for security holes and are liable to exploit them.
Director of Research at PortSwigger, James Kettle, said, “The specific thing where you can cause a denial-of-service by poisoning the cache, there are so many ways to do.” He even says it would be impossible for one person to find all the exploits.
A DoS attack related to cache poisoning is a new security threat emerging in recent years. Cache Poisoning DoS attack, also known as CPDoS attack, is a type of DoS attack that primarily depends on the cache mechanism of the webserver. Here’s what you need to know.
Cache poisoning is where an HTTP request tricks a web server into responding with a harmful resource. This resource will have the same cache key as a normal, clean request, making it indistinguishable. This contaminated resource will then get cached and served to others.
DoS refers to Denial-of-Service. A DoS attack is where the perpetrator makes cloud applications and internet content inaccessible to its users. This is achieved by shutting down a machine or network.
DoS attacks either flood the target with traffic or send information that results in crashes. Regardless of the method, the attack will deprive users of access to services or resources, sometimes for hours at a time.
The most popular types of flood attacks include the following:
● Buffer overflow attacks: The goal here is to send more traffic to a network than it has been designed to handle.
● SYN flood: Interrupts the handshake at the server, and keeps saturating open ports with requests until no others are available.
● ICMP flood: This method will send spoofed packets pinging every machine on a specific network. This triggers the network to amplify traffic.
In cache poisoning DoS attacks, the attacker targets an intermediate cache proxy server, which resides between the web server and the client (victim) with malicious HTTP requests and configures the cache response with error-related code (e.g., 400 bad Request).
Here is the CPDoS attack flow:
This type of DoS attack results in a high probability of success with minimum or zero risk of being detected. CPDoS attack poses an increased risk. Attackers can even disable critical messages or security alerts on mission-critical websites like official governmental or online banking websites.
For example, a CPDoS attack can prevent security alerts about phishing emails from being shown to the corresponding users.
Technically, your first line of defense is caching the error message based on the HTTP standard policies. Configure CDNs not to cache all error messages but errors like 405 (Method not Permitted), 404 (Not Found), 501 (Cannot be Implemented), and 410 (Lost or Gone) based on CDN web caching standard.
An effective countermeasure against CPDoS attacks is deploying a WAF (Web Application Firewall) to block malicious requests before reaching the origin server.
There are many options available, and most, if not all, claim to offer unique protective measures against cache poisoning attacks. But every individual, organization, or company would do well to understand their own needs before committing to anyone's service. And that means finding the right WAF makes a difference.
Finding a WAF with a secure CDN, DoS protection, SSL integration, intelligent caching, solid customer support, and other customization options would prove invaluable.
Website and cloud application downtime can affect revenue, user experience, brand credibility, customer retention, customer acquisition, and search engine rankings.
CDN cache poisoning allows hackers to exploit your cloud applications and launch DoS attacks against them. Having understood the risks involved, protecting against such attacks will help you retain a stronger connection with your customers, employees, and users.