Feeds

Web cache hardware launches DoS attacks, site claims

Bad engineering or bug blackmail?

  • alert
  • submit to reddit

Top three mobile application threats

California computer equipment reseller Altima Solutions believes that Web caching equipment by Cacheflow often malfunctions so as to inadvertently attack their site and bring it down.

The reported defect, curiously, affects only e-commerce sites running Intershop sales software, Altima says.

The Cacheflow bug, one imagines, somehow interacts with Intershop and "requests page updates one to three times a second, causing tens of thousands of requests much like a DoS attack," Altima President Tarek Ayoub told The Register.

"Initially we thought we were being attacked by hackers," Ayoub says. "We were surprised to learn that it originated from [innocent] sources that have one thing in common, the Cacheflow equipment."

The crippling 'attacks' began over a year ago "at the height of the Christmas shopping season" and have persisted to the present. In all, the site has suffered nine or ten incidents severe enough to knock it over.

Cacheflow's response to Altima's requests for help have been characterized by "stonewalling, denial and arrogance," Ayoub told us.

After trying and failing to get Cacheflow's attention, the company contacted the FBI, but the Bureau was "unable to help us," Ayoub reports. "They don't have a lot of agents, so they're very busy," he explained.

He reckons that other sites are having similar problems and offered us a list of Intershop users, but stopped short of saying that any of them has in fact reported difficulties. "We suspect smaller companies are having trouble," he said.

If the problem persists, Altima may well be driven out of business, Ayoub says.

Excuse us?
Altima's problems, however unfortunate, are unquestionably the result of inept Web design, the other side says. The bug claims are "completely inflammatory and without any basis in fact," Cacheflow Marketing VP Patrick Harr told The Register.

The company looked carefully at numerous logs supplied by Altima and found no evidence that Cacheflow servers are implicated. Furthermore, requests for the details of Altima's software and network configurations have gone unheeded, Harr says.

He denied flatly that any Web site besides Altima has reported problems of this nature.

Altima is "a company short of cash that's looking for angles," he believes.

Indeed, Cacheflow is a far larger outfit than Altima, and might well be expected to cough up a few tens of thousands to settle a dispute quietly, and so avoid negative publicity. And by Ayoub's own admission, Altima is in some financial difficulties.

So, what have we here? An arrogant, insensitive Goliath cavalierly brushing aside the legitimate squeals of an injured little guy? Or an opportunistic little parasite desperate to survive, essentially blackmailing a big, juicy host with bug innuendo?

Tough question. You make the call. ®

High performance access to file storage

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
Dropbox defends fantastically badly timed Condoleezza Rice appointment
'Nothing is going to change with Dr. Rice's appointment,' file sharer promises
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
BOFH: Oh DO tell us what you think. *CLICK*
$%%&amp Oh dear, we've been cut *CLICK* Well hello *CLICK* You're breaking up...
Just what could be inside Dropbox's new 'Home For Life'?
Biz apps, messaging, photos, email, more storage – sorry, did you think there would be cake?
IT bods: How long does it take YOU to train up on new tech?
I'll leave my arrays to do the hard work, if you don't mind
Amazon reveals its Google-killing 'R3' server instances
A mega-memory instance that never forgets
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.