What is a Hash DoS Attack?

All the major web service platforms (Java, ASP.NET, and Apache) use a common hashing algorithm for their dictionary tables. In late 2011 a clever attack was released that took advantage of the ubiquity of this algorithm. A single POST message filled with thousands of variables would overload the hashing function, and a server could be tied up processing that one request for as long as an hour. This is a hash denial-of-service (DoS) attack.

F5 BIG-IP Local Traffic Manager (LTM) lets servers sidestep a hash DoS attack: an iRule, written in the F5 iRules scripting language, drops any POST message that contains an excessive number of variables.

By addressing this problem at the Application Delivery Controller (ADC), the F5 BIG-IP system protects all of the back-end web server platforms at the same time, ensuring the hash DoS attack is never seen by the web server.
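The cost that such a request imposes on a dictionary table, and the variable-count check that bounds it, shown as an added Python example (not F5's iRule and not code from this page). The byte-sum hash, the `MAX_PARAMS` value of 1000 and all function names are assumptions made for illustration; the colliding keys are constructed for the toy hash only.

```python
MAX_PARAMS = 1000  # assumed limit; the page gives no number


class ChainedTable:
    """Toy chained hash table that counts key comparisons."""

    def __init__(self, buckets=1024):
        self.buckets = [[] for _ in range(buckets)]
        self.comparisons = 0

    @staticmethod
    def weak_hash(key):
        # Deliberately weak toy hash (byte sum), not any platform's function.
        return sum(key.encode())

    def insert(self, key, value):
        chain = self.buckets[self.weak_hash(key) % len(self.buckets)]
        for entry in chain:  # walk the chain: cost grows with collisions
            self.comparisons += 1
            if entry[0] == key:
                entry[1] = value
                return
        chain.append([key, value])


def count_params(body):
    """Count form fields with a linear scan, before any hashing happens."""
    return body.count("&") + 1 if body else 0


def handle_post(body, limit=MAX_PARAMS):
    """Return (action, comparisons): drop oversized bodies unparsed."""
    if count_params(body) > limit:
        return "drop", 0
    table = ChainedTable()
    for pair in body.split("&") if body else []:
        key, _, value = pair.partition("=")
        table.insert(key, value)
    return "pass", table.comparisons


def colliding_body(n):
    """Constructed sample: n distinct keys with the same toy-hash value."""
    # Digits of i and 9999 - i pair up to 9, so every key has byte sum 420.
    return "&".join(f"{i:04d}{9999 - i:04d}=x" for i in range(n))


if __name__ == "__main__":
    print(handle_post("user=alice&lang=en"))
    print(handle_post(colliding_body(1000)))
    print(handle_post(colliding_body(5000)))
```

With n colliding keys the table performs n(n-1)/2 comparisons, so the cap on the number of variables is what bounds the worst-case work per request.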