1 research outputs found
Measuring CDNs susceptible to Domain Fronting
Domain fronting is a network communication technique that involves leveraging
(or abusing) content delivery networks (CDNs) to disguise the final destination
of network packets by presenting them as if they were intended for a different
domain than their actual endpoint. This technique can be used for both benign
and malicious purposes, such as circumventing censorship or hiding
malware-related communications from network security systems. Since domain
fronting has been known for a few years, some popular CDN providers have
implemented traffic filtering approaches to curb its use at their CDN
infrastructure. However, it remains unclear to what extent domain fronting has
been mitigated.
To better understand whether domain fronting can still be effectively used,
we propose a systematic approach to discover CDNs that are still prone to
domain fronting. To this end, we leverage passive and active DNS traffic
analysis to pinpoint domain names served by CDNs and build an automated tool
that can be used to discover CDNs that allow domain fronting in their
infrastructure. Our results reveal that domain fronting is feasible in 22 out
of 30 CDNs that we tested, including some major CDN providers like Akamai and
Fastly. This indicates that domain fronting remains widely available and can be
easily abused for malicious purposes