Return of Bleichenbacher - the ROBOT Attack CVE-2017-6168
Everything old is new again.
Security researcher Hanno Böck and friends built a neat little Python adaptive chosen-ciphertext attack proof-of-concept (POC) tool and ran it against many popular we...
Updated Jun 06, 2023
Version 2.0
Hannes_Rapp
Nimbostratus
NimbostratusNice summary. Another day another attack, but in the end it's that good old brute-force, with an edge.
To address the exploitation at hand, and pro-actively mitigate any similar ones that will come out in the future, why not try and hit multiple flies at once? Implement a TLS rate limiting feature (what your iRule does) in next LTM release as a native feature.
I see 3 benefits here. TLS rate limiting is a direct mitigation against this attack, but also a proactive mitigation of similar attacks that entirely or partly rely on primitive means of brute force. And lastly, it's also a neat DOS protection feature.
For short-term, maybe it can be implemented as a new attribute, configurable in clientssl profile? For long term, maybe there will eventually be a dedicated rate limiting policy which includes not only TLS rate limiting but also the same for network stack and HTTP?