There recently as been an increase in the number of distributed denial-of-service (DDoS) attacks, the most basic of which involves overloading the targeted file server with requests, effectively blocking out legitimate users. Many companies use several servers spread far apart, known as content-delivery networks, as a defense against DDoS. However, a research effort led by Case Western Reserve University professor Michael Rabinovich found that content-delivery networks could make websites more vulnerable to DDoS attacks.
The researchers found that attackers can add a query string to the target URL, tricking the content-delivery network's server into passing it along to the origin server, which will supply the file. Essentially, the attacker can force an edge server to consult the origin server at any time. Additionally, the attacker's computer can cancel the connection immediately after requesting a file, a method that requires little computing power.
However, some in the industry say the scenario laid out by Rabinovich is unrealistic. "This attack doesn't happen in practice, so customers don't bother," says Duke University professor and Akamai vice president for research Bruce Maggs.
From IEEE Spectrum
View Full Article
Abstracts Copyright © 2011 Information Inc., Bethesda, Maryland, USA
No entries found