Security researchers have uncovered a dangerous new hacking technique that allows criminals to launch devastating attacks against content delivery networks. The new attack type is known as CPDoS, which stands for "Cache-Poisoned Denial-of-Service"; it is categorized as a type of web cache poisoning attack that can temporarily disable web services and the resources allocated to them.
Content Delivery Networks Targeted By New CPDoS Attack Technique
A new dangerous hacking strategy has been discovered by security researchers. Criminals have been using it to target large networks, including content delivery networks that allocate resources for numerous web services and sites. The technique is called Cache-Poisoned Denial-of-Service (CPDoS) and is described as a new type of web cache poisoning. This strategy can be very effective for temporarily taking down public network infrastructure, and to a certain extent it can be automated using a software toolkit.
The attack works by sending requests with maliciously crafted headers to the target servers. The intermediate cache processes the request as part of its normal operation and forwards it to the origin server. There the crafted header triggers an error, and the resulting error page is stored by the caching machine instead of the actual resource. In practice this replaces the resource for all site visitors, who are served the error page and so cannot reach the content. The available research shows that there are three variants at the moment:
- HTTP Header Oversize — This is used in scenarios where the cache has been configured with a larger header size limit than the origin server. These services receive an HTTP GET request whose headers fit within the cache's limit but not within the origin's. Two main methods can be used here: the first sends a request containing a large number of headers, the other includes a single header with an oversized value.
- HTTP Meta Character — This method relies on passing a header that contains a harmful meta character through the cache to the origin. This likewise results in an error page being stored and served.
- HTTP Method Override Attack — This is another method, one which relies on active interaction with the target servers.
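To make the mechanism behind the Header Oversize variant concrete from the cache operator's side, here is an added toy model (not code from the article or from the researchers): an in-memory cache in front of an origin whose header limit is smaller than the cache's. The limits, path, header names and status codes are assumed for the illustration; the point is the one cache-side rule that stops a single request from poisoning the entry for everyone else.

```python
# Added illustration (not from the article): a toy in-memory cache in front of
# an origin, showing why storing error responses lets one request poison the
# cache for all later visitors, and the cache-side rule that prevents it.
# Limits, paths, header names and status codes below are assumed for the example.
from dataclasses import dataclass, field

ORIGIN_HEADER_LIMIT = 8_192   # assumed origin per-request header size limit (bytes)
CACHE_HEADER_LIMIT = 16_384   # assumed larger cache limit: the mismatch CPDoS relies on


@dataclass
class Response:
    status: int
    body: str


def header_size(headers: dict) -> int:
    return sum(len(k) + len(v) for k, v in headers.items())


def origin(path: str, headers: dict) -> Response:
    """Origin rejects requests whose headers exceed its own limit (assumed 400)."""
    if header_size(headers) > ORIGIN_HEADER_LIMIT:
        return Response(400, "Bad Request: header too large")
    return Response(200, f"content of {path}")


@dataclass
class Cache:
    store_errors: bool                       # True = vulnerable, False = hardened
    store: dict = field(default_factory=dict)

    def get(self, path: str, headers: dict) -> Response:
        # a header the cache itself cannot accept is refused without reaching the origin
        if header_size(headers) > CACHE_HEADER_LIMIT:
            return Response(431, "Request Header Fields Too Large")
        if path in self.store:
            return self.store[path]
        resp = origin(path, headers)
        # hardened rule: only successful responses are shared with other clients;
        # an error caused by one client's request must never be served to the rest
        if resp.status == 200 or self.store_errors:
            self.store[path] = resp
        return resp


def visitor_sees(cache: Cache) -> int:
    """One oversized request, then an ordinary visitor; return the visitor's status."""
    oversized = {"X-Oversized": "A" * (ORIGIN_HEADER_LIMIT + 1)}  # fits cache, not origin
    cache.get("/index.html", oversized)
    return cache.get("/index.html", {"Accept": "text/html"}).status
```

With `store_errors=True` the ordinary visitor receives the cached 400; with the hardened rule the error is passed back only to the request that caused it and the visitor still gets the real page.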
So far the majority of servers that have been targeted are located in Europe and Asia. These methods are all used to effectively take down the target servers, and they have been effective against machines belonging to different companies. Thanks to the in-depth analysis carried out by the experts, some of the intrusion attempts can be blocked by setting up appropriate firewalls and filters.