stop DoS attack when originator is behind carrier grade NAT

Question

Hypothetical Scenario : I have a web server on the internet.  I notice a DoS attack happening against this server.  My first instinct is to blacklist the IP address of the originator at the edge of my network, but I come to find out that the IP of the originator is actually part of an ISPs carrier grade NAT. If I blacklist the IP address at the edge of my network, thousands of legitimate customers will not be able to get to my website.&nbsp;
Question: What F5 product/technology could be used to stop a DoS attack, when the originator is behind carrier grade NAT, without disruption of service to other customers?&nbsp;

vijay_e · Answer

You can try ASM with DoS protection mechanism that can use the device id (device fingerprint) to block that particular device. I don't have a great deal of experience but this would be a good starting point. If you have an F5 SE - talk to him/her :-)

Forum Discussion

stop DoS attack when originator is behind carrier grade NAT

1 Reply

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

Post-Quantum Cryptography, OpenSSH, & s1ngularity supply chain attack

F5 Distributed Cloud Origin Server Subset Rules

November Security Research Update: Newly Released Attack Signatures

European airport software attack and zero day ‘s are here

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS