I'm going to do a service availability test in the near future. We can't get any information about the attack pattern. The only information we have is that the tester will conduct these attacks.
I'm afraid that those attack patterns seem to be normal for the PAN device (it's like a brute force attack, working based on the threshold value).
I've heard that the best way to block these kinds of attacks is setting the server's timeout value or threshold value.
But I have to find out some way to do this job with PAN.
Can we block those attacks with an IPS DoS signature or a custom signature? If we can, does anyone know how to set up the custom signature for those attacks?
I think these attacks can exhaust server resources with normal HTTP transactions, and before the server reaches its max concurrent connection limit, its resources are worn out.
And PA's DoS Protection uses Layer 3~4 information, while those attacks are based on Layer 7 information (HTTP GET, POST values, etc.). In my opinion I should be able to set up an HTTP GET method threshold.
I've found one IPS signature which can block the HTTP Slowloris attack.
| Attack Name | HTTP: Apache Denial Of Service Attempt |
| Description | This event indicates that someone want to exhaust the apache resources, as described by slowloris. |