Given that this is now published, it seems like it’s just a matter of time before bad actors discover the vulnerable middleboxes (trivial since they operate on TCP port 80 on public IPv4 addresses) and we start seeing some really nasty DoS attacks. The infinite loop variants seem particularly bad - a nation state may not even notice that one of their censorship middleboxes is spamming a hapless victim server into oblivion.
This doesn’t look pretty. Kudos to the researchers for discovering it, but I’m definitely afraid that it’ll be hard or impossible to mitigate for anyone except the biggest CDNs. I certainly would not expect the middleboxes to remediate this.