F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168

Everything old is new again. Security researcher Hanno Böck and friends built a neat little Python adaptive chosen-ciphertext attack proof-of-concept (POC) tool and ran it against many popular we...
Updated Jun 05, 2023
Version 2.0
BIG-IP
security
Hannes_Rapp's avatar
Hannes_Rapp
Icon for Nimbostratus rankNimbostratus
Dec 28, 2017

Nice summary. Another day another attack, but in the end it's that good old brute-force, with an edge.

 

To address the exploitation at hand, and pro-actively mitigate any similar ones that will come out in the future, why not try and hit multiple flies at once? Implement a TLS rate limiting feature (what your iRule does) in next LTM release as a native feature.

 

I see 3 benefits here. TLS rate limiting is a direct mitigation against this attack, but also a proactive mitigation of similar attacks that entirely or partly rely on primitive means of brute force. And lastly, it's also a neat DOS protection feature.

 

For short-term, maybe it can be implemented as a new attribute, configurable in clientssl profile? For long term, maybe there will eventually be a dedicated rate limiting policy which includes not only TLS rate limiting but also the same for network stack and HTTP?