Explanation of F5 DDoS threshold modes

Der Reader, In my article “Concept of Device DOS and DOS profile”, I recommended to use the “Fully Automatic” or “Multiplier” based configuration option for some DOS vectors. In this article I would...

Published Feb 12, 2020

Version 1.0

series-defense-against-ddos

threshold

Sven_Mueller

Ret. Employee

Joined February 03, 2011

View Profile

Sven_Mueller

Ret. Employee

Joined February 03, 2011

View Profile

dragonflymr

Cirrostratus

Oct 05, 2021

Hi,

Great articles!!! Hope you will continue this series. I wonder if I Am missing something or there is mistake on the diagrams. In red in left top corner there is sentence "Mitigation starts, because the expected EPS value is exceeded..." Should it not say detection EPS?

I Am as well a bit confused with Mitigation (CPU) Threshold line - should not this line be flat? My understanding is that for given set Threshold Sensitivity CPU Threshold is constant, so CPU Threshold line should be flat? Or maybe this is not CPU Threshold line but Mitigation rate line?

Piotr

Explanation of F5 DDoS threshold modes

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS