bmeshier_10715

Nov 15, 2011Nimbostratus

# Exponential back off on failed logins

I'm trying to implement an exponential back off to thwart dictionary attacks. I'm currently being hit by over 5,000+ unique IPs, so linear rate limiting is not an effective solution.

http://en.wikipedia.org/wiki/Exponential_backoff

Using the algorithm below, where 'T' is seconds before they can attempt another login and 'c' is the number of failed attempts.

T(c) = (2^c -1) / 2

I'm comfortable with general iRule aspects but tying in time with subtables is throwing me for a loop. If anyone wants to give it a crack, for simplicity write an exponential back off for any POST request.