#BHAS BlackHatEvents

CDN Cannon: Exploiting CDN Back-to-Origin Strategies for Amplification Attacks

Slide 2: What is a Content Delivery Network (CDN)?
  Diagram: User, Origin

Slide 3: What is a Content Delivery Network (CDN)?
  Diagram: User, CDN, Origin
  - Reduce bandwidth costs
  - Provide DDoS defense
  - Improve website load times
  Source: https:/

Slide 4: CDN Usage Statistics
  Source: https:/

Slide 5: How a CDN works?
  Diagram: Client, CDN, Origin
  - Client-CDN connection
  - CDN-Origin connection

Slide 6: Back-to-Origin Strategies: Improve website load times
  Diagram: Client, CDN, Origin (hit the cache)
    Client -> CDN:  GET /index.html HTTP/1.1
    CDN -> Client:  HTTP/1.1 200 OK
                    X-Cache-Lookup: Cache Hit

Slide 7: Back-to-Origin Strategies: Reduce bandwidth costs
  Diagram: Client, CDN, Origin
  - CDN modifies the HTTP request and response
  - Link labels: "Reduced traffic", "Normal traffic"

Slide 8: BtOAmp Attacks

Slide 9: Image Optimization Strategies: Image Compression
  Diagram: Client, CDN, Origin
    Client -> CDN:  GET /test.png?format=webp
    CDN -> Origin:  GET /test.png
    Origin -> CDN:  PNG image
    CDN -> Client:  WebP image

Slide 10: Image Optimization Strategies: Image Cropping
  Diagram: Client, CDN, Origin
    Client -> CDN:  GET /test.png?crop=100,100
    CDN -> Origin:  GET /test.png
    Origin -> CDN:  original image
    CDN -> Client:  100 x 100 image

Slide 11: Image Optimization Attack
  Diagram: Attacker, CDN, Origin
    Attacker -> CDN:  GET /test.png?crop=1,1   (small traffic)
    CDN -> Origin:    GET /test.png
    Origin -> CDN:    original image           (large traffic)
    CDN -> Attacker:  one pixel

Slide 12: Request Modification Strategy: Rewrite URL
  Diagram: Client, CDN, Origin
    Client -> CDN:  GET /a.png HTTP/1.1
    CDN -> Origin:  GET /image/a.png HTTP/1.1   (rewrite URL)

Slide 13: Request Modification Strategy: Modify request header
  Diagram: Client, CDN, Origin
    Client -> CDN:  GET /a.png HTTP/1.1
    CDN -> Origin:  GET /a.png HTTP/1.1
                    X-Forwarded-For: 1.2.3.4    (add HTTP headers)

Slide 14: Request Modification Attack
  (1) Deploy the victim's website on the CDN
  (2) Configure the request modification strategy
  Diagram:
    POST /a HTTP/1.1
    POST /aaa HTTP/1.1
    big name: big value
    big name: