For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Xylene_UK_11374's avatar
Xylene_UK_11374
Icon for Nimbostratus rankNimbostratus
Jul 20, 2011

pyloris help to block using LTM / iRules only

Looking for information about mitigating attacks made by PyLoris, a similar tool to Slowloris. Do the irule suggestions on the F5 site for mitigating Slowloris apply to this tool as well? If not, are there non-ASM mitigation strategies?

 

 

more infor:- http://motomastyle.com/pyloris/

 

security

1 Reply

  • Xylene_UK_11374's avatar
    Xylene_UK_11374
    Icon for Nimbostratus rankNimbostratus
    Jul 20, 2011

     

    PyLoris is SlowLoris rewritten in Python to provide a couple of tweaks. Essentially, any setup that causes the BigIP to read data from the client before it opens a connection to a pool member, and times out idle/slow connections in a reasonable time then both CLowLoris and PyLoris are defeated.

     

     

    The existing iRules specified in Solution 10260 will mitigate this attack for LTM.