doke_23794
Aug 05, 2016
Nimbostratus
random header to avoid HEIST attack
Could I reduce the effectiveness of the HEIST HTTPS attack by adding a random-length noise header to every HTTPS response? The attack works by launching hundreds of queries and comparing their response lengths. If an iRule were injecting a random-length, random-content header into every response, that might disrupt the attack. A random-length cookie should have the same effect. Do you think this will help? Will this use too much CPU? Is there a risk of running out of entropy in the LTM?
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
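
A sketch of the iRule the question describes, added here as an example; it is not part of the original post and is not F5-supplied code. The header name `X-Pad`, the 1 to 64 character length range and the filler alphabet are assumptions chosen for illustration.

```tcl
# Added example (hypothetical): pad every HTTP response with a header of
# random length and random content, as proposed in the question above.
# "X-Pad", the 64-character maximum and the alphabet are assumed values.

when RULE_INIT {
    # Header-safe filler characters and the maximum pad length.
    set static::pad_chars "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    set static::pad_max 64
}

when HTTP_RESPONSE {
    # Tcl's rand() is a seeded pseudo-random generator, not a
    # cryptographic source.
    set len [expr { 1 + int(rand() * $static::pad_max) }]
    set n [string length $static::pad_chars]

    # Build the filler one character at a time so the content varies
    # as well as the length. This loop is the per-response CPU cost.
    set pad ""
    for { set i 0 } { $i < $len } { incr i } {
        set idx [expr { int(rand() * $n) }]
        append pad [string index $static::pad_chars $idx]
    }

    # Drop any copy set by the pool member, then add exactly one.
    HTTP::header remove "X-Pad"
    HTTP::header insert "X-Pad" $pad
}
```

The padding varies each response's size by at most `pad_max - 1` bytes, so `pad_max` sets both the amount of length noise and the upper bound on the per-response loop cost.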