Feeds

Web cache hardware launches DoS attacks, site claims

Bad engineering or bug blackmail?

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

California computer equipment reseller Altima Solutions believes that Web caching equipment by Cacheflow often malfunctions so as to inadvertently attack their site and bring it down.

The reported defect, curiously, affects only e-commerce sites running Intershop sales software, Altima says.

The Cacheflow bug, one imagines, somehow interacts with Intershop and "requests page updates one to three times a second, causing tens of thousands of requests much like a DoS attack," Altima President Tarek Ayoub told The Register.

"Initially we thought we were being attacked by hackers," Ayoub says. "We were surprised to learn that it originated from [innocent] sources that have one thing in common, the Cacheflow equipment."

The crippling 'attacks' began over a year ago "at the height of the Christmas shopping season" and have persisted to the present. In all, the site has suffered nine or ten incidents severe enough to knock it over.

Cacheflow's response to Altima's requests for help have been characterized by "stonewalling, denial and arrogance," Ayoub told us.

After trying and failing to get Cacheflow's attention, the company contacted the FBI, but the Bureau was "unable to help us," Ayoub reports. "They don't have a lot of agents, so they're very busy," he explained.

He reckons that other sites are having similar problems and offered us a list of Intershop users, but stopped short of saying that any of them has in fact reported difficulties. "We suspect smaller companies are having trouble," he said.

If the problem persists, Altima may well be driven out of business, Ayoub says.

Excuse us?
Altima's problems, however unfortunate, are unquestionably the result of inept Web design, the other side says. The bug claims are "completely inflammatory and without any basis in fact," Cacheflow Marketing VP Patrick Harr told The Register.

The company looked carefully at numerous logs supplied by Altima and found no evidence that Cacheflow servers are implicated. Furthermore, requests for the details of Altima's software and network configurations have gone unheeded, Harr says.

He denied flatly that any Web site besides Altima has reported problems of this nature.

Altima is "a company short of cash that's looking for angles," he believes.

Indeed, Cacheflow is a far larger outfit than Altima, and might well be expected to cough up a few tens of thousands to settle a dispute quietly, and so avoid negative publicity. And by Ayoub's own admission, Altima is in some financial difficulties.

So, what have we here? An arrogant, insensitive Goliath cavalierly brushing aside the legitimate squeals of an injured little guy? Or an opportunistic little parasite desperate to survive, essentially blackmailing a big, juicy host with bug innuendo?

Tough question. You make the call. ®

Security for virtualized datacentres

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
CAGE MATCH: Microsoft, Dell open co-located bit barns in Oz
Whole new species of XaaS spawning in the antipodes
AWS pulls desktop-as-a-service from the PC
Support for PCoIP protocol means zero clients can run cloudy desktops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.