CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks
Content Delivery Networks (CDNs) are widely adopted to enhance web performance and offer protection against DDoS attacks. However, our research unveils a critical vulnerability within CDN back-to-origin strategies that allows attackers to exploit these mechanisms for massive amplification attacks, which we term Back-to-Origin Amplification (BtOAmp) attacks. These attacks leverage CDN configurations that prioritize performance over security, leading to the exhaustion of origin server resources.
In this talk, we will introduce a new class of HTTP amplification attacks that leverage CDN edge servers as amplifiers to break the CDN's DDoS protection mechanisms. By systematically exploring CDN back-to-origin strategies, we identified five amplification attacks that can effectively compromise the CDN's DDoS protection by directly attacking the origin server. Our experiments show that an attacker can take down a website with 1 Gbps of bandwidth using only a laptop with 200 Kbps of bandwidth.
We will also discuss mitigation strategies, along with our responsible disclosure process, where multiple CDN vendors acknowledged the vulnerabilities. This research underscores the need for CDN operators and users to recognize the latent risks within CDN infrastructures and adopt proactive security measures.
By:
Zhiwei Lin | Master Student, National University of Singapore
Ziyu Lin | Student, Singapore Management University
Full Abstract and Presentation Materials:
https://www.blackhat.com/asia-25/briefings/schedule/#cdn-cannon-exploiting-cdn-back-to-origin-strategies-for-amplification-attacks-43932