Mitigating Slow HTTP Post DDoS Attacks With iRules – Follow-up

Last month I posted a Tech Tip using iRules to mitigate the slow POST DDoS attack. The example that I posted was an early prototype that was passed around an internal mailing list. I listed a few “go...
Published Dec 03, 2010
Version 1.0
adn
application delivery
BIG-IP
ddos
dev
devops
iRules
news
security
tech tip
Masterbaker_119's avatar
Masterbaker_119
Icon for Nimbostratus rankNimbostratus
Sep 11, 2013
Hmm. In it's current form and with default values, wouldn't it be trivial for an attacker to just POST the first 2kb of data at a decent speed so not to trigger the irule, then slow down the post rate, therefore rendering this useless?

 

 

(Mind you, I haven't thought of a more elegant solution to this. Just curious to see if you guys have any thoughts on it)

 

 

Cheers!

 

-Masterbaker