Cache poisoning: how it works and how to prevent it


Cache poisoning is the corruption of cached content with fake or malicious data. This kind of cybercrime occurs regardless of the type of web hosting. How is it performed, and are there ways to prevent it?

Caching web content boosts performance on both sides: the server and the user. It is widely used in CDNs (content delivery networks) to accelerate the loading of data. Unfortunately, the HTTP protocol that plays a part in the caching mechanism controls integrity on the server side only. The lack of authentication (especially in DNS software) gives hackers an opportunity to poison the cache.

As soon as caching is completed, any visitor served from the poisoned cache is sent illegitimate data or is routed to an IP address under the hacker's control. That continues until the cache is removed or purged. To prevent cache poisoning, technologies such as SRI (Subresource Integrity) and the firewalls used in CDN services can be employed.

How it works

Cache poisoning can be performed in several ways. One method involves taking over the origin server (for a few minutes or hours) in order to alter the web content and have it cached for a long period of time.

In another method, the intermediate web cache server is attacked by interfering with the synchronization of HTTP requests and responses between the cache and the origin server. In this case, a hacker may split the HTTP response and send malicious data to the web application via an HTTP request. That content then gets into the HTTP response and is sent to visitors, most often without validation.

Generally, approaches to cache poisoning are the following:

  1. The hacker searches for flaws in the code and then inserts illegitimate fields into the HTTP header.
  2. The attacker removes legitimate content from the cache server.
  3. The hacker sends a malicious request or data (for instance, a falsified DNS response) to the cache server.
  4. The poisoned content is stored in the cache.

Examples of cache poisoning

Typically, when DNS poisoning takes place, hackers replace the genuine IP address in the DNS cache with an address they use. Users of the attacked server are unaware of the situation, and when they are served from this cache, they are redirected to the attacker's malicious website. This may be a site that serves malicious downloads or one that steals personal information.

Cache poisoning does a lot of damage to both users and the websites they try to access. It can literally ruin a business by breaking down its infrastructure and discrediting its brand image. It is therefore important to make sure that security measures are strong enough. You can strengthen DNS security by using DNSSEC, limiting recursive DNS queries, and checking the data stored and sent to visitors. If you opt for a CDN service, make sure that it comes with sufficient security options.
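The integrity check behind SRI, mentioned in the introduction as a prevention measure, shown as an added example that is not part of the original article. The function names and the sample script bodies are constructed for illustration; the code runs under Node.js and mirrors how a browser compares a cached file against the hash in an integrity attribute.

```javascript
const crypto = require("node:crypto");

// Hash functions accepted in SRI metadata, ordered weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build an integrity="" value from the known-good bytes (done at release time,
// from the file on the origin, never from a copy fetched through the cache).
function sriFor(body, algo = "sha384") {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(body).digest("base64")}`;
}

// Check bytes received via a cache or CDN against integrity metadata.
// As in browsers, only the strongest algorithm listed counts and any hash of
// that strength may match. Unlike browsers, metadata with no usable hash is
// rejected (fail closed) instead of being ignored.
function verifySri(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((t) => /^(sha256|sha384|sha512)-([A-Za-z0-9+\/=]+)(?:\?.*)?$/.exec(t))
    .filter(Boolean)
    .map(([, algo, digest]) => ({ algo, digest }));
  if (entries.length === 0) return false;
  const rank = (e) => ALGOS.indexOf(e.algo);
  const best = Math.max(...entries.map(rank));
  return entries.filter((e) => rank(e) === best).some((e) => {
    const expected = Buffer.from(e.digest, "base64");
    const actual = crypto.createHash(e.algo).update(body).digest();
    return expected.length === actual.length &&
      crypto.timingSafeEqual(expected, actual);
  });
}

// Constructed sample: the script as published, and what a poisoned cache serves.
function demo() {
  const published = Buffer.from("window.appVersion = '1.0';\n");
  const fromPoisonedCache =
    Buffer.from("window.appVersion = '1.0';\n/* injected content */\n");
  const integrity = sriFor(published);
  return {
    integrity,
    cleanAccepted: verifySri(published, integrity),
    poisonedAccepted: verifySri(fromPoisonedCache, integrity),
  };
}

console.log(demo());
```

SRI covers only the scripts and stylesheets that carry an integrity attribute; the HTML page holding that attribute still has to reach the visitor unmodified.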

Vadim Kolchev


Vadim graduated from Moscow Institute of Entrepreneurship and Law as a finance and credit specialist. Before working directly in the hosting business, he held various roles in several companies, including but not limited to the banking sphere and sports. As of 2015 he works for INXY Holding, with SpaceCDN being a vital part of the hosting branch of its business. A tech enthusiast, he started writing articles about dedicated servers, CDN, storage solutions and other hosting services long ago, and has since accumulated a lot of experience and knowledge in the field. Building hosting sales and support departments from scratch added even more experience and knowledge and allowed him to see the business from the inside and build the required expertise. Now Vadim is CPO and COO of a successful hosting business. With several important interviews and publications on platforms such as Hosting Journalist and Forbes, he continues to share knowledge about this branch of technology, which has become not only his job but also a passion.
