Two academics from the Technical University of Cologne (TH Koln) have disclosed this week a new type of web attack that can poison content delivery networks (CDNs) into caching and then serving error pages instead of legitimate websites.
The new attack has been named CPDoS (Cache-Poisoned Denial-of-Service), has three variants, and has been deemed practical in the real world (unlike most other web cache attacks).
HOW CPDOS ATTACKS WORK
CPDoS attacks are aimed at two components of the modern web — (1) web servers and (2) content delivery networks.
Web servers store the original website and its content, while CDNs store a cached copy of the website that is only refreshed at certain time intervals.
Despite their simplistic role, CDNs are a crucial part of the modern internet, as they can alleviate the load on web servers. Instead of a web server computing the same user request over and over again, a CDN can provide some of the incoming users with a copy of the website, until the CDN refreshes itself with a new version.
CDNs are widey used. Any attack on a CDN system can have devastating consequences on a website’s availability, and, hence, it’s profitability.
Read more: ZDnet.com