Mitigating Nuclear DDoSer, R-U-Dead-Yet, Dirt Jumper, Keep-Dead, and Tor Hammer with F5
It’s an unofficial DDoS week, as attacks continue against major US financial institution web sites. F5 has people onsite helping to mitigate these attacks but due to non-disclosure agreements we can’...
Published Sep 29, 2012
Version 1.0
Some versions of dirt Jumper don't include // in their referrer field. Here's an easy iRule for mitigation
when HTTP_REQUEST {
if { [HTTP::header exists "Referer"] } {
if { not ([HTTP::header "Referer"] contains "\x2F\x2F") } {
drop
}
}
}