Jose_Santiago_O
Nimbostratus
Jun 22, 2009
Apache DOS and LTMs.
Hello,
Last week, the ISC team published some articles saying that there was some risk of DOS in Apache servers:
http://isc.sans.org/diary.html?storyid=6601
http://isc.san...
hoolio
Cirrostratus
Jun 23, 2009
Hi,
Ben stated in this post (Click here) that he tested the client app against an ASM-enabled virtual server and found ASM buffered the full request headers and payload before sending the request to the pool member.
Without ASM to buffer the request, I think it would depend on your VIP type and the type of attack. For an HTTP VIP, LTM by default buffers the HTTP headers before opening a server side connection. So if the malicious client was sending the headers very slowly, LTM should handle the attack.
I'm pretty sure that once the headers have been parsed, LTM sends data to the pool as it receives it. So you would potentially still be vulnerable to an attacker sending payloads very slowly. I suppose you could collect the payloads using HTTP::collect to handle the attack. LTM wouldn't suffer resource issues from collecting the request payload for the numbers of requests that have been described in the vulnerability. But collecting every request payload would add load to LTM and potentially add some latency to all client sessions.
Anyone else have ideas for this?
Aaron
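The HTTP::collect approach mentioned in the reply above, sketched as an iRule. This is an added example, not code posted in the thread; the 1 MB collection cap and the restriction to POST requests are assumptions to adjust for the application behind the virtual server.

```tcl
when HTTP_REQUEST {
    # Only requests that carry a body need payload buffering.
    if { [HTTP::method] eq "POST" } {
        # Assumed upper bound on how much payload LTM will hold per request.
        set max_collect 1048576

        # Collect the declared body length when it is present and within
        # the cap; otherwise fall back to the cap itself.
        if { [HTTP::header exists "Content-Length"] &&
             [HTTP::header "Content-Length"] <= $max_collect } {
            set collect_len [HTTP::header "Content-Length"]
        } else {
            set collect_len $max_collect
        }

        # LTM holds the request until collect_len bytes have arrived, so a
        # client trickling its payload ties up LTM, not an Apache worker.
        if { $collect_len > 0 } {
            HTTP::collect $collect_len
        }
    }
}

when HTTP_REQUEST_DATA {
    # The buffered payload is complete (or the cap was reached):
    # release the request to the pool member.
    HTTP::release
}
```

Every POST body is buffered on LTM before the server-side request is sent, which is the extra load and latency the reply warns about, so scope the rule to the URIs that actually accept uploads or form posts.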
