bmeshier_10715
Nov 15, 2011Nimbostratus
Exponential back off on failed logins
I'm trying to implement an exponential back off to thwart dictionary attacks. I'm currently being hit by over 5,000+ unique IPs, so linear rate limiting is not an effective solution.
http://en.wikipedia.org/wiki/Exponential_backoff
Using the algorithm below, where 'T' is seconds before they can attempt another login and 'c' is the number of failed attempts.
T(c) = (2^c -1) / 2
I'm comfortable with general iRule aspects but tying in time with subtables is throwing me for a loop. If anyone wants to give it a crack, for simplicity write an exponential back off for any POST request.