DataPower

Expand all | Collapse all

Preventing Low and Slow DDoS attacks using DataPower

  • 1.  Preventing Low and Slow DDoS attacks using DataPower

    Posted Tue February 02, 2021 02:59 PM
    Hi All,

    We want to prevent low and slow DDoS attack using DataPower? Are there are any references for how this can be achieved in DataPower v2018/v10?

    We thought of implementing this with a reverse proxy with absolute timeout, and controlling http verbs for the request to handle with predefined size of header and message payload. Kindly confirm if this will work or please suggest a better approach.

    Any help is much appreciated!!

    ------------------------------
    Kshitij Khanna
    ------------------------------


  • 2.  RE: Preventing Low and Slow DDoS attacks using DataPower

    Posted Wed February 03, 2021 09:20 AM
    Hi this question has come up before. The answer generally (not speaking for Support) is that DataPower is not vulnerable to 'low & slow' (also known as SlowLoris) attacks due to the unique internal architecture of the DataPower
    At a high level, this attack assumes that each open tcp connection is consuming a OS thread or process which on most system is a limited resource.
    But DataPower does not have this 1-2-1 relationship between tcp/http connections & threads/processes.

    ------------------------------
    Matthias Siebler
    MA
    ------------------------------



  • 3.  RE: Preventing Low and Slow DDoS attacks using DataPower

    Posted Wed February 03, 2021 10:18 AM
    As Matthias points out the mechanism of the "low and slow" attack is one of thread occupancy to which DP is not vulnerable.  It is recommended that short time out values be used to further mitigate these sorts of attacks.

    ------------------------------
    Ivan Heninger
    ------------------------------