Demonstration of Device DoS and Per-Service DoS protection

Dear Reader, This article is intended to show what effect the different threshold modes have on the Device and Per-Service (VS/PO) context. I will be using practical examples to demonstrate those ef...
Published Apr 08, 2020
Version 1.0
AFM
ddos
dhd
dos
flood
iRules
security
series-defense-against-ddos
threshold
Sven_Mueller's avatar
Ret. Employee
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security. I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective. Before I joined F5, I was a Security Consultant and active on HoneyNet research topics. I hold a diploma in Electrical Engineering. Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).
View Profile
Sven_Mueller's avatar
Ret. Employee
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security. I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective. Before I joined F5, I was a Security Consultant and active on HoneyNet research topics. I hold a diploma in Electrical Engineering. Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).
View Profile
Max_P's avatar
Max_P
Icon for Nimbostratus rankNimbostratus
Jan 18, 2023

Hi Sven!

Thanks so much for your posts and sharing your scripts.

I've a question regarding the scripts, I was checking with the scripts one PO that has manually configured thresholds, and the value that is shown in the detection column doesn't correspond with the mitigation value divided by the tmm count.

Specifically, it was tested on an i5800 running BIG-IP 16.1.2.2 version, DDoS 16.1.0-9.0.20 version, and the mitigation threshold value is 4000 eps, the detection that is shown running the script is 1736.

Is something changed from where the scripts takes this value? or there is anotherway to see the detection per tmm?

Thanks!

Maxi