The Business value of IP Reflection in Silverline DDOS Protection

Question

Does IP Reflection mean that you can hide for an attacker that you are protećted by a scrubbing center?&nbsp;
What would a traceroute reveal?&nbsp;
If he knows that he would probably change strategy - run heavy SSL-attack and by observing response times could guess whether or not the scrubbing center has the private key.&nbsp;
He could also try to look for the real IP adresses or generate randomized strings in get/post-requests to bypass the center. &nbsp;

amolari · Answer

With Silverline DDOS, F5 scrubbing network do not have your private keys (that's for Silverline WAF). Layer7 attack are still to be mitigated by the customer. But there is a communication API between BIG-IP (by the customer) and the SOC which will enable blocking of source IPs performing those L7 attacks at the scrubbing network level.

billypt_180210 · Answer

http://www.google.com/patents/US20140245421&nbsp;
double static-NAT. public &lt;-&gt; private at Scrubbing Center facing to Customer. private &lt;-&gt; public at Customer facing Scrubbing Center. due to same public IP between first and second translation, it could be seen as reflection&nbsp;
public  &lt;-&gt;  private  &lt;-&gt;  public
same IP                    same IP&nbsp;

Forum Discussion

The Business value of IP Reflection in Silverline DDOS Protection

Recent Discussions

Which process is consuming higher CPU

F5 Health Monitor Receive String as JSON

Background Tasks

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Related Content

F5 Silverline DDoS Protection FAQ

F5 Silverline DDoS Protection

Silverline DDoS capabilities are now available in F5 Distributed Cloud

Introducing App Proxies for F5 Silverline

L7 DoS Protection with NGINX App Protect DoS

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS