DDOS Attack using Google Spreadsheet

Hacker

Google uses its "spider" FeedFetcher to cache any content in Google Spreadsheet inserted using the formula =image("link").

https://docs.google.com/spreadsheet/

For example, if you insert a formula in one of the table cells:

Code:
=image("http://example.com/image.jpg")

Google will send the FeedFetcher spider to download this image and cache it for further display in the table.

However, if you add a random parameter to the image URL, FeedFetcher will download it again each time. For example, the victim's website has a 10 MB PDF file. Inserting such a list into a table will cause the Google spider to download the same file 1000 times!

Code:
=image("http://targetname/file.pdf?r=1")

=image("http://targetname/file.pdf?r=2")

=image("http://targetname/file.pdf?r=3")

=image("http://targetname/file.pdf?r=4")

...

=image("http://targetname/file.pdf?r=1000")

All this can lead to the exhaustion of the traffic limit for some site owners. Anyone using just a browser with one tab open can launch a massive HTTP GET FLOOD attack on any web server.

The attacker doesn't even need to have a fast channel. Since the formula uses a link to a PDF file (i.e., not to an image that could be displayed in the table), the attacker receives only N/A in response from the Google server. This makes it quite easy to multiply the attack [analogous to DNS and NTP amplification (translator's note)], which is a serious threat.

With a single laptop and multiple tabs open, just copying and pasting lists of links to files of 10 MB each, you can make the Google spider download this file at speeds of more than 700 Mbps.

In my case, it lasted for 30-45 minutes, until I shut down the server. If I calculated everything correctly, it took about 240 GB of traffic in 45 minutes.
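For site owners, the pattern described in the post (one crawler fetching the same path over and over with a changing query parameter) is visible in the web server's access log. The following is an added example, not part of the original post: it assumes Combined Log Format and that the crawler's user-agent contains "Feedfetcher"; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "METHOD target PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_cache_busting(lines, ua_marker="feedfetcher", min_variants=3):
    """Return {path: (distinct_query_count, total_bytes)} for every path the
    marked crawler fetched with at least min_variants different query strings."""
    variants = defaultdict(set)   # path -> set of query strings seen
    sent = defaultdict(int)       # path -> response bytes served to the crawler
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue              # skip unparsable lines and non-GET requests
        if ua_marker not in m["ua"].lower():
            continue              # only requests from the crawler of interest
        url = urlsplit(m["target"])
        variants[url.path].add(url.query)
        if m["bytes"] != "-":
            sent[url.path] += int(m["bytes"])
    return {p: (len(q), sent[p]) for p, q in variants.items()
            if len(q) >= min_variants}

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
_UA = "Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
SAMPLE = [
    f'192.0.2.10 - - [01/Jan/2024:10:00:0{i} +0000] '
    f'"GET /file.pdf?r={i} HTTP/1.1" 200 10485760 "-" "{_UA}"'
    for i in range(1, 5)
] + [
    # A normal, cacheable image fetch by the same crawler: one variant only.
    f'192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] '
    f'"GET /image.jpg HTTP/1.1" 200 20480 "-" "{_UA}"',
    # An ordinary browser request: ignored because of its user-agent.
    '198.51.100.7 - - [01/Jan/2024:10:00:10 +0000] '
    '"GET /file.pdf?r=9 HTTP/1.1" 200 10485760 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for path, (count, total) in find_cache_busting(SAMPLE).items():
        print(f"{path}: {count} query variants, {total} bytes served")
```

A flagged path is a candidate for rate limiting per user-agent or for serving large static files from a cache that ignores unknown query parameters.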