Feeds

Web cache hardware launches DoS attacks, site claims

Bad engineering or bug blackmail?

  • alert
  • submit to reddit

Combat fraud and increase customer satisfaction

California computer equipment reseller Altima Solutions believes that Web caching equipment by Cacheflow often malfunctions so as to inadvertently attack their site and bring it down.

The reported defect, curiously, affects only e-commerce sites running Intershop sales software, Altima says.

The Cacheflow bug, one imagines, somehow interacts with Intershop and "requests page updates one to three times a second, causing tens of thousands of requests much like a DoS attack," Altima President Tarek Ayoub told The Register.

"Initially we thought we were being attacked by hackers," Ayoub says. "We were surprised to learn that it originated from [innocent] sources that have one thing in common, the Cacheflow equipment."

The crippling 'attacks' began over a year ago "at the height of the Christmas shopping season" and have persisted to the present. In all, the site has suffered nine or ten incidents severe enough to knock it over.

Cacheflow's response to Altima's requests for help have been characterized by "stonewalling, denial and arrogance," Ayoub told us.

After trying and failing to get Cacheflow's attention, the company contacted the FBI, but the Bureau was "unable to help us," Ayoub reports. "They don't have a lot of agents, so they're very busy," he explained.

He reckons that other sites are having similar problems and offered us a list of Intershop users, but stopped short of saying that any of them has in fact reported difficulties. "We suspect smaller companies are having trouble," he said.

If the problem persists, Altima may well be driven out of business, Ayoub says.

Excuse us?
Altima's problems, however unfortunate, are unquestionably the result of inept Web design, the other side says. The bug claims are "completely inflammatory and without any basis in fact," Cacheflow Marketing VP Patrick Harr told The Register.

The company looked carefully at numerous logs supplied by Altima and found no evidence that Cacheflow servers are implicated. Furthermore, requests for the details of Altima's software and network configurations have gone unheeded, Harr says.

He denied flatly that any Web site besides Altima has reported problems of this nature.

Altima is "a company short of cash that's looking for angles," he believes.

Indeed, Cacheflow is a far larger outfit than Altima, and might well be expected to cough up a few tens of thousands to settle a dispute quietly, and so avoid negative publicity. And by Ayoub's own admission, Altima is in some financial difficulties.

So, what have we here? An arrogant, insensitive Goliath cavalierly brushing aside the legitimate squeals of an injured little guy? Or an opportunistic little parasite desperate to survive, essentially blackmailing a big, juicy host with bug innuendo?

Tough question. You make the call. ®

3 Big data security analytics techniques

More from The Register

next story
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Kingston DataTraveler MicroDuo: Turn your phone into a 72GB beast
USB-usiness in the front, micro-USB party in the back
AMD's 'Seattle' 64-bit ARM server chips now sampling, set to launch in late 2014
But they won't appear in SeaMicro Fabric Compute Systems anytime soon
Brit boffins use TARDIS to re-route data flows through time and space
'Traffic Assignment and Retiming Dynamics with Inherent Stability' algo can save ISPs big bucks
Microsoft's Nadella: SQL Server 2014 means we're all about data
Adds new big data tools in quest for 'ambient intelligence'
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.