Slowloris

This shouldn't happen in most circumstances. The principal behind Slowloris to remain fairy low profile on the wire. It would only take ~600 connections and a very negligible amount of bandwidth to affect one of the threaded web servers that is vulnerable to this which should be little more than a drop in the proverbial bucket for the ASM devices. Even when the volume is increased, nearing more of a 'DoS-by-volume' than a 'Slowloris' type attack, the network layer on the ASM and LTM use a handful of methods to control this type of attack (SynCookies, aggressive connection reaping, et cetera). Though when the volume is increased, this truly becomes a traditional DoS attack, using simple volume in an attempt to overwhelm, rather than the more targeted and light-on-the-wire approach that the 'Slowloris' method uses.

 

 

// Ben