Forum Discussion

Altocumulus

Sep 09, 2021

OTP Flood Attack mitigation

We have application which is sitting behind our F5 WAF, where application receiving high voulme of OTP request on server to generate OTP SMS by attacker. People receiving unwanted OTP message on thei...

ASM Advanced WAF

BIG-IP Access Policy Manager (APM)

security

Jaspreetgurm

Altocumulus

Sep 09, 2021

Thanks for quick reply.

IP rotating always, looks like at attacker setup some sort of script which has more than lakh phone numbers requesting for OTP same time.

So can we mitigate such attacks.

Jaspreetgurm

Altocumulus

Sep 12, 2021

Hi Daniel,

bot profiles is already configured with device ID enabled and enforcement mode is set to transparent in system.

As i have verified other settings there is no brute force attack/DOS protection enabled for virtual server. The Application security policy configured with minimal protection as only few parameters are set to block or alarm. Could you please suggest which parameters should be blocked ?

Also could you please let me know how to collect such flood type request in application event logs to prepare report on it.

thanks

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)