Forum Discussion
ltwagnon
May 06, 2014 | Ret. Employee
I haven't tackled a similar problem, but you could try attacking this one with an iRule. A while back, Jason Rahm created an iRule that does something similar to the idea that you are describing. Granted, Jason's iRule was targeted at defeating an SSL Renegotiation attack, but the logic is very similar.
    if client attempts renegotiation more than 5 times in one minute, silently drop the connection
Here's a link to an article that outlines the iRule and logic behind it: https://devcentral.f5.com/articles/ssl-renegotiation-dos-attack-ndash-an-irule-countermeasure.U2lNxCjmqZc
I'm thinking you could do something similar.
    if IP address returns resultCode "666" > 10 times in 5 minutes, block the IP for x minutes
We could help with iRule syntax if you wanted to go this route.
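The rule sketched in that reply, written out as an added iRule example (this is not code from the post, from Jason Rahm's article or from F5). It assumes the backend signals the result code in a response header named X-Result-Code (a hypothetical name; if the value only appears in the body you would collect the payload instead), keeps the post's thresholds of 10 hits in 5 minutes, and sets the unspecified block time "x" to 10 minutes. Hit counts and block entries live in the session table, so they expire on their own and are shared across the cluster.

```tcl
# Added example, not the post's own code. Assumed: result code arrives in a
# response header named X-Result-Code (hypothetical); 10 hits / 5 min from the
# post; block duration "x minutes" assumed to be 10 minutes.

when RULE_INIT {
    set static::rc666_max        10    ;# hits allowed inside one window
    set static::rc666_window     300   ;# window length in seconds (5 minutes)
    set static::rc666_block_secs 600   ;# block duration ("x minutes"), assumed 10 minutes
}

when HTTP_REQUEST {
    # Capture the client address on the client side so HTTP_RESPONSE,
    # which runs in server-side context, can key on it.
    set client_ip [IP::client_addr]

    # A blocked client is silently dropped until its table entry expires.
    if { [table lookup -subtable "rc666_blocked" $client_ip] ne "" } {
        drop
        return
    }
}

when HTTP_RESPONSE {
    if { [HTTP::header value "X-Result-Code"] ne "666" } {
        return
    }

    # Count hits per client IP. -notouch keeps the window anchored at the
    # first hit instead of sliding it forward on every increment.
    set hits [table incr -notouch -subtable "rc666_hits" $client_ip]
    if { $hits == 1 } {
        # First hit: start the 5-minute window for this IP.
        table timeout -subtable "rc666_hits" $client_ip $static::rc666_window
    }

    if { $hits > $static::rc666_max } {
        # Over threshold: create a block entry with a fixed lifetime
        # (timeout "indef", lifetime = block seconds) and reset the counter.
        table set -subtable "rc666_blocked" $client_ip 1 indef $static::rc666_block_secs
        table delete -subtable "rc666_hits" $client_ip
        log local0. "rc666: blocking $client_ip after $hits hits in $static::rc666_window s"
    }
}
```

Because the counter is keyed on IP::client_addr, clients behind a shared NAT are counted together; if the virtual server sits behind another proxy, key on the forwarded client header instead, and log the block decisions so you can tune the thresholds before enforcing them.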