Bandwidth depletion in CDN era
Denial of Service (DoS) is classified as a disruptive attack. It comes in many forms and vectors, mostly targeting servers, web-hosts, or other system and network bottlenecks. Most webmasters await until the wave passes-by as means of mitigation. Of the more scarce resources of classic web-hosting is the network bandwidth quota. While CDNs and other caching solution prevent the drainage of this asset, it seems that only the download direction has been accounted for. Uploads, remain wide open for exploitation and attack.
In this work, we show how to exploit this venue. We demonstrate how to attack a host, disrupting its service irrespective of caching/WAF solutions. As an added bonus, it turns out that for some prevalent setups, we can disrupt other websites on the same shared environment.