Forum Discussion

Nimbostratus

Aug 09, 2013

ASM & Hydra verification request

Hi, We have PoC at one of ours client and I was preparing labs with PHPAuction, ASM and Hyrda. Lab was aimed to show that automated (with Hydra) brute force attack on login page (user_login.php)...

app sec

BIG-IP Access Policy Manager (APM)

security

ltwagnon

Ret. Employee

Sep 20, 2013

Have you tried the session based anomaly detection? If you generated 3500 new sessions in 10 seconds, you should be able to configure the ASM to detect an abnormal number of new sessions in a given time period and block based on those settings. Here's a link to an article I wrote on session and transaction based anomaly detection/mitigation: https://devcentral.f5.com/articles/these-are-not-the-scrapes-youre-looking-for-session-anomalies.UjxueLEo7IU

Essentially what happens is that the ASM detects the number of sessions opened per second and, if too many sessions are opened, it starts blocking requests.

I hope this helps! John

Forum Discussion

ASM & Hydra verification request

Recent Discussions

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

Related Content

Logging DNS Requests

Configure NGINX microgateway for MTLS termination and client certificate hash verification

Google reCAPTCHA Verification With Sideband Connections

Client Certificate Verification using Request

FTP Monitor File Existence Verification