Ringing in the New Year comes, of course, some new attack that will catch our attention. Here is some info on the latest HashDoS attack, with more details here. Here is also the latest Twitter info.
This attack targets web programming languages and web development frameworks rather than any particular web application, which is what makes it unique: it is independent of the actual web app. Per our Eng team, who were discussing this internally, the gist of the attack is that it uses knowledge of the hash functions used by various app frameworks to generate hash collisions. It has a little more smarts than that: the request carries specifically crafted field names that all collide when the framework hashes them into its parameter table, so every insertion gets more expensive than the last. The result is that the web servers’ CPUs get pegged. Some of the suggested solutions can be found in the following technet.com blog.
In summary, the suggested solution is to limit the number of fields that can be submitted. NetScaler Application Firewall (AppFW) can provide strong protection here with the AppFW field consistency check: with this check, NetScaler AppFW will only allow field names that came with the form, so the crafted names never reach the application. What is even better about the AppFW field consistency check is that it is sessionless! Check out my previous blog on Sessionless Security if you have not read about it yet.
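To show what the two mitigations above look like in practice (a cap on the number of submitted fields, and a field consistency check that only admits names the form actually served), here is an added Python example. It is illustration written for this post, not NetScaler code and not from the HashDoS write-ups; the form field set, the cap of 100 and the sample request bodies are constructed. The key design point is that both checks run on the raw body before any field name is inserted into a dictionary, so a request whose names were chosen to collide is rejected before it can touch the hash table.

```python
from urllib.parse import parse_qsl

# Field names served by a hypothetical login form (constructed sample).
# A consistency check compares submitted names against this set.
LOGIN_FORM_FIELDS = frozenset({"username", "password", "remember"})

# Assumed per-request cap on the number of fields; tune per application.
MAX_FIELDS = 100


def check_field_consistency(body, allowed_names, max_fields=MAX_FIELDS):
    """Validate a url-encoded request body and return (accepted, reason).

    The body is split into a list of (name, value) pairs, never a dict, so
    attacker-chosen names are not hashed into a table before the checks pass.
    """
    try:
        # parse_qsl counts separators and raises ValueError when the field
        # count exceeds max_num_fields, before any parsing work is done.
        pairs = parse_qsl(body, keep_blank_values=True, max_num_fields=max_fields)
    except ValueError:
        return False, "too many fields (> %d)" % max_fields

    # Field consistency: every submitted name must have come with the form.
    unexpected = sorted({name for name, _ in pairs if name not in allowed_names})
    if unexpected:
        return False, "unexpected field names: " + ", ".join(unexpected[:5])

    return True, "ok (%d fields)" % len(pairs)


def accepted_fields(body, allowed_names, max_fields=MAX_FIELDS):
    """Return the fields as a dict only after the body has passed both checks."""
    accepted, reason = check_field_consistency(body, allowed_names, max_fields)
    if not accepted:
        raise ValueError("request rejected: " + reason)
    return dict(parse_qsl(body, keep_blank_values=True))


# Constructed sample request bodies.
GOOD_BODY = "username=alice&password=s3cret&remember=1"
UNKNOWN_NAMES_BODY = "username=alice&password=x&zz1=1&zz2=1&zz3=1"
FLOOD_BODY = "&".join("f%d=1" % i for i in range(MAX_FIELDS + 50))

if __name__ == "__main__":
    for label, body in (("good", GOOD_BODY),
                        ("unknown names", UNKNOWN_NAMES_BODY),
                        ("field flood", FLOOD_BODY)):
        accepted, reason = check_field_consistency(body, LOGIN_FORM_FIELDS)
        print("%-14s accepted=%-5s %s" % (label, accepted, reason))
```

The count cap alone is not enough: the second sample body is short but carries names the form never served, and it is the consistency check, not the cap, that stops it. That is why the two controls are complementary rather than alternatives.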