DoS attacks aren’t anything new. But with organizational technology stacks becoming increasingly complex, there are always new variables that can lead to unexpected behaviors. Hackers are constantly looking for security holes and are liable to exploit them. Director of Research at PortSwigger, , said, “The specific thing where you can cause a denial-of-service by poisoning the cache, there are so many ways to do.” He even says it would be impossible for one person to find all the exploits. James Kettle A DoS attack related to cache poisoning is a new security threat emerging in recent years. Cache Poisoning DoS attack, also known as CPDoS attack, is a that primarily depends on the cache mechanism of the webserver. Here’s what you need to know. type of DoS attack What Is Cache Poisoning? Cache poisoning is where an HTTP request tricks a web server into responding with a harmful resource. This resource will have the same cache key as a normal, clean request, making it indistinguishable. This contaminated resource will then get cached and served to others. What Are DoS Attacks? DoS refers to Denial-of-Service. A DoS attack is where the perpetrator makes cloud applications and internet content inaccessible to its users. This is achieved by shutting down a machine or network. DoS attacks either flood the target with traffic or send information that results in crashes. Regardless of the method, the attack will deprive users of access to services or resources, sometimes for hours at a time. The most popular types of flood attacks include the following: ● : The goal here is to send more traffic to a network than it has been designed to handle. Buffer overflow attacks ● : Interrupts the handshake at the server, and keeps saturating open ports with requests until no others are available. SYN flood ● : This method will send spoofed packets pinging every machine on a specific network. This triggers the network to amplify traffic. ICMP flood Cache Poisoning DoS (CPDoS) Attack In , the attacker targets an intermediate cache proxy server, which resides between the web server and the client (victim) with malicious HTTP requests and configures the cache response with error-related code (e.g., 400 bad Request). cache poisoning DoS attacks Here is the CPDoS attack flow: Source: varutra The attacker sends an HTTP request with a malicious header to the webserver. The intermediate cache server processes the request. As the malicious header remains inconspicuous, the cache server forwards it to the origin server. The origin server recognizes the malicious requests and responds with an error message. Consequently, the error response will be cached by the cache server instead of the requested resources, and the same will be sent as a response to the attacker. Whenever the legitimate user initiates the request, he will receive the cached error message as a response. This type of DoS attack results in a high probability of success with minimum or zero risk of being detected. CPDoS attack poses an increased risk. Attackers can even disable critical messages or security alerts on mission-critical websites like official governmental or online banking websites. For example, a CPDoS attack can prevent security alerts about phishing emails from being shown to the corresponding users. How To Protect Against CPDoS Attacks? Technically, your first line of defense is caching the error message based on the HTTP standard policies. Configure CDNs not to cache all error messages but errors like 405 (Method not Permitted), 404 (Not Found), 501 (Cannot be Implemented), and 410 (Lost or Gone) based on CDN web caching standard. An effective countermeasure against CPDoS attacks is deploying a to block malicious requests before reaching the origin server. WAF (Web Application Firewall) There are many options available, and most, if not all, claim to offer unique protective measures against cache poisoning attacks. But every individual, organization, or company would do well to understand their own needs before committing to anyone's service. And that means finding the right WAF makes a difference. Finding a WAF with a secure CDN, DoS protection, SSL integration, intelligent caching, solid customer support, and other customization options would prove invaluable. Conclusion Website and cloud application downtime can affect revenue, user experience, brand credibility, customer retention, customer acquisition, and search engine rankings. CDN cache poisoning allows hackers to exploit your cloud applications and launch DoS attacks against them. Having understood the risks involved, protecting against such attacks will help you retain a stronger connection with your customers, employees, and users.

Flow

Stacks

Target

What Is a CDN Cache Poisoning DoS Attack?

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

5 Best Cybersecurity Practices for the Healthcare Industry

13 Tips For Choosing the Right Hosting Provider

The System Design Cheat Sheet: Cache

5 Tips for Website Image Optimization

6 Critical Flaws That Can Crash Your Website or App Under Load

A Guide to Paying Less For AWS CloudFront

5 Best Cybersecurity Practices for the Healthcare Industry

13 Tips For Choosing the Right Hosting Provider

The System Design Cheat Sheet: Cache

5 Tips for Website Image Optimization

6 Critical Flaws That Can Crash Your Website or App Under Load

A Guide to Paying Less For AWS CloudFront

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps