CDN Backfired: Amplification Attacks Based on HTTP Range Requests

DSN 2020, download

Weizhong Li , Kaiwen Shen , Run Guo , Baojun Liu , Jia Zhang , Haixin Duan , Shuang Hao , Xiarun Chen , Yao Wang .

Abstract

Content Delivery Networks (CDNs) aim to improve network performance and protect against web attack traffic for their hosting websites. And the HTTP range request mechanism is majorly designed to reduce unnecessary network transmission. However, we find the specifications failed to consider the security risks introduced when CDNs meet range requests.

In this study, we present a novel class of HTTP amplifi- cation attack, Range-based Amplification (RangeAmp) Attacks. It allows attackers to massively exhaust not only the outgoing bandwidth of the origin servers deployed behind CDNs but also the bandwidth of CDN surrogate nodes. We examined the RangeAmp attacks on 13 popular CDNs to evaluate the feasibility and real-world impacts. Our experiment results show that all these CDNs are affected by the RangeAmp attacks. We also disclosed all security issues to affected CDN vendors and already received positive feedback from all vendors.