Content Delivery Networks: Protection or Threat?

  • Sipat Triukose
  • Zakaria Al-Qudah
  • Michael Rabinovich
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)


Content Delivery Networks (CDNs) are commonly believed to offer their customers protection against application-level denial of service (DoS) attacks. Indeed, a typical CDN with its vast resources can absorb these attacks without noticeable effect. This paper uncovers a vulnerability which not only allows an attacker to penetrate CDN’s protection, but to actually use a content delivery network to amplify the attack against a customer Web site. We show that leading commercial CDNs – Akamai and Limelight – and an influential research CDN – Coral – can be recruited for this attack. By mounting an attack against our own Web site, we demonstrate an order of magnitude attack amplification though leveraging the Coral CDN. We present measures that both content providers and CDNs can take to defend against our attack. We believe it is important that CDN operators and their customers be aware of this attack so that they could protect themselves accordingly.


Content Provider Random String Domain Name System Content Delivery Network Origin Server 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
  3. 3.
    Andersen, D.G.: Mayday: Distributed Filtering for Internet Services. In: 4th Usenix Symp. on Internet Technologies and Sys, Seattle, WA (March 2003)Google Scholar
  4. 4.
    The Coral content distribution network,
  5. 5.
    Dipzoom: Deep internet performance zoom,
  6. 6.
    ESI Language Specification 1.0. (August 2001),
  7. 7.
    Feldmann, A., Cáceres, R., Douglis, F., Glass, G., Rabinovich, M.: Performance of web proxy caching in heterogeneous bandwidth environments. In: INFOCOM, pp. 107–116 (1999)Google Scholar
  8. 8.
    Freedman, M.J., Freudenthal, E., Mazières, D.: Democratizing content publication with coral. In: NSDI, pp. 239–252 (2004)Google Scholar
  9. 9.
    Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: WWW, pp. 293–304 (2002)Google Scholar
  10. 10.
    Lee, K.-W., Chari, S., Shaikh, A., Sahu, S., Cheng, P.-C.: Improving the resilience of content distribution networks to large scale distributed denial of service attacks. Computer Networks 51(10), 2753–2770 (2007)CrossRefzbMATHGoogle Scholar
  11. 11.
  12. 12.
    Maggs, B.: Personal communication (2008)Google Scholar
  13. 13.
    Partridge, C., Mendez, T., Milliken, W.: RFC 1546: Host anycasting service (November 1993)Google Scholar
  14. 14.
    Rabinovich, M., Spatscheck, O.: Web Caching and Replication. Addison-Wesley, Reading (2001)Google Scholar
  15. 15.
    Scalzo, F.: Recent DNS reflector attacks (2006),
  16. 16.
    Su, A.-J., Choffnes, D.R., Kuzmanovic, A., Bustamante, F.E.: Drafting behind akamai (travelocity-based detouring). In: SIGCOMM, pp. 435–446 (2006)Google Scholar
  17. 17.
    Su, A.-J., Kuzmanovic, A.: Thinning Akamai. In: ACM IMC, pp. 29–42 (2008)Google Scholar
  18. 18.
    Triukose, S., Wen, Z., Rabinovich, M.: Content delivery networks: How big is big enough (poster paper). In: ACM SIGMETRICS, Seattle, WA (June 2009)Google Scholar
  19. 19.
    Vaughn, R., Evron, G.: DNS amplification attacks (2006),
  20. 20.
    Wang, L., Park, K., Pang, R., Pai, V.S., Peterson, L.: Reliability and security in the CoDeeN content distribution network. In: USENIX, pp. 171–184 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Sipat Triukose
    • 1
  • Zakaria Al-Qudah
    • 1
  • Michael Rabinovich
    • 1
  1. 1.EECS DepartmentCase Western Reserve UniversityUSA

Personalised recommendations