Forum Discussion

Nimbostratus

Aug 09, 2013

ASM & Hydra verification request

Hi, We have PoC at one of ours client and I was preparing labs with PHPAuction, ASM and Hyrda. Lab was aimed to show that automated (with Hydra) brute force attack on login page (user_login.php)...

app sec

BIG-IP Access Policy Manager (APM)

security

ltwagnon

Ret. Employee

Sep 20, 2013

Have you tried the session based anomaly detection? If you generated 3500 new sessions in 10 seconds, you should be able to configure the ASM to detect an abnormal number of new sessions in a given time period and block based on those settings. Here's a link to an article I wrote on session and transaction based anomaly detection/mitigation: https://devcentral.f5.com/articles/these-are-not-the-scrapes-youre-looking-for-session-anomalies.UjxueLEo7IU

Essentially what happens is that the ASM detects the number of sessions opened per second and, if too many sessions are opened, it starts blocking requests.

I hope this helps! John

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)