Mitigating Nuclear DDoSer, R-U-Dead-Yet, Dirt Jumper, Keep-Dead, and Tor Hammer with F5
It’s an unofficial DDoS week, as attacks continue against major US financial institution web sites. F5 has people onsite helping to mitigate these attacks but due to non-disclosure agreements we can’...
Published Sep 29, 2012
Version 1.0David_Holmes_12
Historic F5 Account
Joined December 19, 2012
David_Holmes_12
Historic F5 Account
Joined December 19, 2012
David_Holmes_12
Jun 09, 2013Historic F5 Account
Some versions of dirt Jumper don't include // in their referrer field. Here's an easy iRule for mitigation
when HTTP_REQUEST {
if { [HTTP::header exists "Referer"] } {
if { not ([HTTP::header "Referer"] contains "\x2F\x2F") } {
drop
}
}
}