Forum Discussion
Jose_Santiago_O
Nimbostratus
Jun 22, 2009
Apache DOS and LTMs.
Hello,
This past week, the ISC team published some articles saying that there was some risk of DOS in Apache servers:
http://isc.sans.org/diary.html?storyid=6601
http://isc.san...
hwidjaja_37598
Altostratus
Jun 23, 2009
I think your Apache servers behind BIG-IP are not affected. BIG-IP has Adaptive Reaping to protect against DoS attacks. Even though slowloris is not a TCP DoS but the equivalent of a SYN flood over HTTP, I believe this reaper will protect BIG-IP and the servers behind it from this attack. When BIG-IP starts running out of resources, it will begin closing idle connections.
Like Aaron mentioned earlier, using an HTTP VIP would minimize the server impact.
References:
SOL4611: Overview of Adaptive Reaping:
The adaptive reapers are a DoS prevention measure and a function of available memory. As memory usage on the unit increases and additional SYNs are received, the BIG-IP system reacts to the excessive memory usage by closing idle connections.
SOL7301: Protecting the BIG-IP LTM against denial of service attacks:
The BIG-IP system to remove connections from its connection table when the connection load surpasses a defined percentage of memory usage.
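Added example, not part of the original posts and not F5's code: a toy model of the behaviour quoted above from SOL4611 and SOL7301, in which idle connections are closed once connection-table load passes a threshold. The `ConnTable` class, the 80% threshold, the longest-idle-first order, and the use of connection count as a stand-in for memory are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ConnTable:
    capacity: int        # assumption: connection count stands in for memory
    reap_pct: int = 80   # assumed threshold, percent of capacity
    conns: dict = field(default_factory=dict)   # conn id -> last activity time
    reaped: list = field(default_factory=list)  # ids closed by the reaper

    def usage_pct(self):
        return 100 * len(self.conns) / self.capacity

    def touch(self, cid, now):
        """Record activity (a new connection or new data) on cid at time now."""
        self.conns[cid] = now
        self._reap(keep=cid)

    def _reap(self, keep):
        # Over the threshold: close the longest-idle connections first
        # until usage is back at or under the threshold.
        for cid in sorted(self.conns, key=lambda c: self.conns[c]):
            if self.usage_pct() <= self.reap_pct:
                break
            if cid != keep:
                del self.conns[cid]
                self.reaped.append(cid)

def simulate():
    """Constructed traffic: silent connections pile up beside two active clients."""
    table = ConnTable(capacity=10, reap_pct=80)
    for t in range(6):                 # six connections open, then go silent
        table.touch(f"idle-{t}", now=t)
    for t in range(6, 12):
        table.touch("active-a", now=t)     # active clients keep sending
        table.touch("active-b", now=t)
        table.touch(f"idle-{t}", now=t)    # one more silent connection per tick
    return table

if __name__ == "__main__":
    t = simulate()
    print("reaped:", t.reaped)
    print("remaining:", sorted(t.conns), f"usage={t.usage_pct():.0f}%")
```

In this model the clients that keep sending are never reaped, because the reaper only looks at time since last activity.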