

article, dns, management, adn, news, techtip. October 04, 2012 by Ben Cuthbert
DNS is inherently insecure and exposed. F5 customers have been seeing a spate of DNS attacks and DNS denial of service lately, and I thought it would be a good idea to analyze a few of the common attack vectors and the ways F5’s GTM or LTM DNS Services help mitigate these attacks and protect your DNS infrastructure. For many years we’ve commonly deployed GTM in delegated mode, where we create a CNAME for the GTM, and then redirect specific hostnames that require global load balancing to ...
article, adn, news, techtip. May 15, 2012 by Josh Michaels
The bogeyman, the monster under the bed, the creature lurking in the darkness waiting to pounce… That’s what it feels like we have made Denial of Service attacks out to be. What is a Denial of Service attack? Pretty self-explanatory: attacks that are directed at removing the ability to use a service. Most commonly, we see Denial of Service attacks succeed by causing some form of resource exhaustion. This could b...
Last month I posted a Tech Tip using iRules to mitigate the slow POST DDoS attack. The example that I posted was an early prototype that was passed around an internal mailing list. I listed a few “gotchas” in my original post, but it wasn’t long until the folks started chatting about it and had an improved implementation. A couple of the limitations mentioned with the first solution were the 4MB TMM payload collection ceiling and not using the Content-Length header to determine payload collecti...
This past week researchers demonstrated a new HTTP DDoS attack in which a slow POST request will result in leaving a connection open longer than necessary. The heart of the attack relies on sending a POST request with a given “content-length”, then very slowly sending the POST message body to the server. The server will leave the connection open as it continues to receive data. If a large number of these requests are executed against a server, there is potential for exhausting the connection table ...