iTnews

RangeAmp attacks turn CDNs into giant DoS cannons

By Juha Saarinen on May 26, 2020 10:14PM

No botnet needed, just a laptop.

Chinese researchers have outlined a way for attackers to generate DDoS attacks by abusing small requests to web servers hosted through content delivery networks (CDNs).

Named RangeAmp [pdf], the attack exploits the Hypertext Transfer Protocol (HTTP) Range Requests feature to ask for a random, small amount of data from a large file on a server, such as a byte out of gigabyte- and terabyte-sized resources.

Since a CDN is unlikely to have the small amount of data cached, it will have to request the entire large file from the origin server it is stored on, just to serve up a byte of it.

Once the server has transferred the large file to the CDN, the latter system then has to cache the data everywhere.

Meanwhile, the attacker's client that made the malicious request will only receive small amounts of data, making the attack cheap and efficient.

"Unlike other DDoS attacks that need to control a large scale of botnets, the attacker only needs an ordinary laptop to launch the RangeAmp attacks.

"The ingress nodes of CDNs are scattered around the world, coming into a natural distributed ‘botnet’.

"This makes a RangeAmp attacker able to easily congest the target network and even create a denial of service in seconds, while the attacker pays a small cost," the researchers wrote.

In the worst-case Small Byte Range (SBR) RangeAmp scenario, the researchers were able to generate responses for CDNs and origin servers that were over 43,000 times larger than the one received by the attacker.

The large amounts of traffic generated could be very costly for CDN customers, the researchers noted.
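An added example, not from the article or the researchers' paper: a defender-side check that scans CDN edge logs for the pattern described above, where repeated tiny Range requests each trigger a far larger fetch from the origin. The log layout, field names and thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines; the key=value layout is hypothetical, not a real CDN log format.
SAMPLE_LOG = """\
client=198.51.100.7 path=/iso/a.img range=bytes=0-0 sent=1 origin_fetched=1073741824 cache=MISS
client=198.51.100.7 path=/iso/b.img range=bytes=5-5 sent=1 origin_fetched=1073741824 cache=MISS
client=198.51.100.7 path=/iso/c.img range=bytes=9-9 sent=1 origin_fetched=1073741824 cache=MISS
client=203.0.113.20 path=/video/a.mp4 range=bytes=0-1048575 sent=1048576 origin_fetched=1048576 cache=MISS
client=203.0.113.20 path=/video/a.mp4 range=bytes=1048576-2097151 sent=1048576 origin_fetched=0 cache=HIT
client=203.0.113.21 path=/index.html range=- sent=5120 origin_fetched=5120 cache=MISS
"""
FIELD = re.compile(r"(\w+)=(\S+)")

def requested_len(range_hdr):
    """Bytes asked for by a single-range header; None if absent or open-ended."""
    m = re.fullmatch(r"bytes=(\d*)-(\d*)", range_hdr)
    if not m or not any(m.groups()):
        return None
    first, last = m.groups()
    if not first:              # suffix form "bytes=-N": the last N bytes
        return int(last)
    if not last:               # "bytes=N-": length unknown from the header alone
        return None
    return int(last) - int(first) + 1

def flag_clients(log_text, small=1024, min_ratio=1000, min_hits=3):
    """Map client -> origin/client byte ratio for clients whose small-range
    requests repeatedly cost the origin at least min_ratio times what they received."""
    stats = defaultdict(lambda: {"sent": 0, "origin": 0, "hits": 0})
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if "client" not in f:
            continue
        sent, origin = int(f["sent"]), int(f["origin_fetched"])
        s = stats[f["client"]]
        s["sent"] += sent
        s["origin"] += origin
        n = requested_len(f.get("range", "-"))
        if n is not None and n <= small and origin >= min_ratio * max(sent, 1):
            s["hits"] += 1
    flagged = {}
    for client, s in stats.items():
        ratio = s["origin"] / max(s["sent"], 1)
        if s["hits"] >= min_hits and ratio >= min_ratio:
            flagged[client] = round(ratio)
    return flagged

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG))
```

The ordinary video player in the sample (large, sequential ranges) and the plain page fetch are not flagged; only the client whose one-byte ranges each cost the origin a full file is.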

Flawed CDN implementations of unclear Request for Comment (RFC) internet standards documents are the root cause of the RangeAmp attacks, the researchers said.

Several CDNs were tested and found vulnerable to RangeAmp attacks, including Akamai, Microsoft Azure, Amazon Web Services' CloudFront, Alibaba Cloud, Huawei Cloud, and Fastly.

Of the 13 CDNs the researchers tested, all of which were given seven months to work out mitigations against RangeAmp, only Cloudflare decided against implementing measures against the attack.

"Unfortunately, they won’t implement our mitigation solutions because Cloudflare does not want to cache partial responses of certain resources.

"And they [Cloudflare] insisted that they are not deviating away from the specifications," the researchers wrote.
