Web cache hardware launches DoS attacks, site claims
Bad engineering or bug blackmail?
The reported defect, curiously, affects only e-commerce sites running Intershop sales software, Altima says.
The Cacheflow bug, one imagines, somehow interacts with Intershop and "requests page updates one to three times a second, causing tens of thousands of requests much like a DoS attack," Altima President Tarek Ayoub told The Register.
"Initially we thought we were being attacked by hackers," Ayoub says. "We were surprised to learn that it originated from [innocent] sources that have one thing in common, the Cacheflow equipment."
The crippling 'attacks' began over a year ago "at the height of the Christmas shopping season" and have persisted to the present. In all, the site has suffered nine or ten incidents severe enough to knock it over.
Cacheflow's response to Altima's requests for help have been characterized by "stonewalling, denial and arrogance," Ayoub told us.
After trying and failing to get Cacheflow's attention, the company contacted the FBI, but the Bureau was "unable to help us," Ayoub reports. "They don't have a lot of agents, so they're very busy," he explained.
He reckons that other sites are having similar problems and offered us a list of Intershop users, but stopped short of saying that any of them has in fact reported difficulties. "We suspect smaller companies are having trouble," he said.
If the problem persists, Altima may well be driven out of business, Ayoub says.
Altima's problems, however unfortunate, are unquestionably the result of inept Web design, the other side says. The bug claims are "completely inflammatory and without any basis in fact," Cacheflow Marketing VP Patrick Harr told The Register.
The company looked carefully at numerous logs supplied by Altima and found no evidence that Cacheflow servers are implicated. Furthermore, requests for the details of Altima's software and network configurations have gone unheeded, Harr says.
He denied flatly that any Web site besides Altima has reported problems of this nature.
Altima is "a company short of cash that's looking for angles," he believes.
Indeed, Cacheflow is a far larger outfit than Altima, and might well be expected to cough up a few tens of thousands to settle a dispute quietly, and so avoid negative publicity. And by Ayoub's own admission, Altima is in some financial difficulties.
So, what have we here? An arrogant, insensitive Goliath cavalierly brushing aside the legitimate squeals of an injured little guy? Or an opportunistic little parasite desperate to survive, essentially blackmailing a big, juicy host with bug innuendo?
Tough question. You make the call. ®
Sponsored: Global DDoS threat landscape report