The Case for Real-Time Analytics: Forwarding Loop Attacks
Network administrators beware – a newly identified attack vector could cause you to DDoS yourself.
Researchers in China have alerted the CDN industry to new ways to levy a forwarding loop attack. In their whitepaper posted to internetsociety.org a team of 8 researchers from Canada and China have identified new mechanisms to exploit a long-standing vulnerability for businesses using multiple CDN providers. Vulnerability Note VU#938151 provides a synopsis of the exposure, but as the research paper dictates, beyond forwarding loop detection mechanisms – like those that Yottaa provides our customers through our ImpactAnalytics and managed service offering – the real solution requires collaboration across CDN providers.
The Content Distribution Network Interconnection (CDNI) working group of the IETF has done some work on standardizing how multiple CDNs can cooperate with each other, however they have yet to consider the problem of forwarding loops, which could occur when the edge server forwards the request to the original website. While the industry grapples with how to standardize across multiple providers where a single point of administration and control is not possible, we advise our readers to discuss this vulnerability with their CDN provider to understand their exposure and the potential for site traffic to be compromised as a result of such an attack.