Telco Transformation: enable you to deploy and offer DDoS mitigation-as-a-service at a low CapEx and a low OpEx.
Read more
Run Bastions Services on premises for a truly consistent and seamless hybrid experience
Learn more
TAP the lucrative market for DDoS Protection.
Be Our Partner
The Capture The Flag challenge: Get on the top of the scoreboard and win an Pentester Expert Coin !
Enroll now
In the first half of 2022, the total attack count and average attack size increased by 75.60% and decreased by 55.97% respectively compared to the figures recorded in the second half of 2021. Learn More
Cybersecurity best practices and DDoS defence strategies
In early 2020, a team of Chinese researchers found a new way to abuse HTTP packets to amplify web traffic and bring down websites and content delivery networks (CDNs). Named “RangeAmp”, the attack exploits the HTTP range requests attribute that allows clients (usually browsers) to request only a specific portion (range) of a file from a server.
Two types of RangeAmp attacks were identified. The first, known as a RangeAmp Small Byte Range (SBR) attack, is accomplished by sending a malformed HTTP range request to a CDN provider, which amplifies the traffic towards the destination server, eventually overwhelming the targeted site.
The second type is called a RangeAmp Overlapping Byte Range (OBR) attack. To exploit the RangeAmp OBR attack, the attacker also sends a malformed HTTP range request to a CDN provider, but in this case, the web traffic is funnelled through other CDN servers. This attack method amplifies the web traffic inside the CDN networks and not only crashes CDN servers, but also renders the CDNs and many other destination sites inaccessible.
HTTP Range Requests are part of the HTTP standard that allow web clients to request only a specific range of a file from the web server. This feature was created for pausing and resuming traffic in controlled (pause/resume actions) or uncontrolled (network congestion/disconnection) situations. RangeAmp attacks exploit the incorrect implementations of the HTTP range requests attribute by manipulating CDN servers to amplify traffic towards destination servers and ultimately crash targeted sites.
Nexusguard’s “RangeAmp Rule” is designed specifically to mitigate invalid requests that exploit this vulnerability.
Thank You!
We will get back to you shortly.
Nexusguard’s mitigation methodology involves filtering and stringent rule checking techniques that inspect all HTTP requests so that malicious or invalid requests never reach the backend server.
© 2023 Nexusguard - All Rights Reserved. Read Our Privacy Policy.