Explanation of F5 DDoS threshold modes
Der Reader, In my article “Concept of Device DOS and DOS profile”, I recommended to use the “Fully Automatic” or “Multiplier” based configuration option for some DOS vectors. In this article I would...
Published Feb 12, 2020
Version 1.0Sven_Mueller
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security.
I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective.
Before I joined F5, I was a Security Consultant and active on HoneyNet research topics.
I hold a diploma in Electrical Engineering.
Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).Ret. Employee
Sven_Mueller
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security.
I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective.
Before I joined F5, I was a Security Consultant and active on HoneyNet research topics.
I hold a diploma in Electrical Engineering.
Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).Ret. Employee
dragonflymr
Cirrostratus
Oct 05, 2021Hi,
Great articles!!! Hope you will continue this series. I wonder if I Am missing something or there is mistake on the diagrams. In red in left top corner there is sentence "Mitigation starts, because the expected EPS value is exceeded..." Should it not say detection EPS?
I Am as well a bit confused with Mitigation (CPU) Threshold line - should not this line be flat? My understanding is that for given set Threshold Sensitivity CPU Threshold is constant, so CPU Threshold line should be flat? Or maybe this is not CPU Threshold line but Mitigation rate line?
Piotr