rise of the botsstatic.carahsoft.com/concrete/files/9615/2328/9842/300_level_credential...bots bots...

RISE of the BOTS

Peter Scheffler, Cyber Security Solutions Architectscheff@f5.com / @pmscheffler

OK, but how do these happen?

Who really “attacks”

me?

• Roughly 50% of traffic is

human

• About 20% is good bots

• Remaining 30% is

malicious bots

How do we differentiate?

•

••

•

•

••

•

•

•

•

••

•

•

••

•

Exploiting POST for Fun & DoS

••

•

•

•

Attackers work to identify weaknesses in application infrastructure

••

•

••

•

•

••

•

Only 26% of Scalar Survey

Respondents said their users

are trained…

•

•

* Threat Matrix Cyber Crimes 2017 Report

•

•

•

•

•

Web Application

•

•

••

•

•

•

• https://PanOpticlick.eff.org

•

•

•

•

•

•

•

1st time request to web server

Internet

Web Application

Legitimate browser

verification

No challenge response from

botsBOTS ARE DROPPED

WAF responds with injected JS challenge. Request is not passed to server

1

JS challenge placed in browser

2

WAF verifies response authenticity

Cookie is signed, time stamped and finger printed

4

Valid requests are passed to the

server

5

Browser responds to challenge &

resends request

3

Continuous invalid bot attempts are

blocked

Valid browser requests bypass challenge w/

future requests

http://bit.ly/ASMLabManual

https://training.f5agility.com/7280/<#