Forum Discussion
Jaspreetgurm
Altocumulus
AltocumulusOTP Flood Attack mitigation
We have application which is sitting behind our F5 WAF, where application receiving high voulme of OTP request on server to generate OTP SMS by attacker. People receiving unwanted OTP message on thei...
JaspreetgurmAltocumulus
AltocumulusHI
Thanks for quick reply.
IP rotating always, looks like at attacker setup some sort of script which has more than lakh phone numbers requesting for OTP same time.
So can we mitigate such attacks.
Daniel_Wolf
MVP
MVPYes, I would setup a Bot Defense profile and I'd also enable Device ID in this profile.
In this solution article you will find all settings for creating a Bot Defense profile explained.
K42323285: Overview of the unified Bot Defense profile
Additionally check out this lab guide from Agility 2021, it will give you some rough idea how to set up Bot Defense with Device ID.
https://clouddocs.f5.com/training/community/waf/html/waf241/module1-elevated-bot/lab1/lab1.html