Explanation of F5 DDoS threshold modes
Der Reader, In my article “Concept of Device DOS and DOS profile”, I recommended to use the “Fully Automatic” or “Multiplier” based configuration option for some DOS vectors. In this article I would...
Published Feb 12, 2020
Version 1.0Sven_Mueller
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security.
I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective.
Before I joined F5, I was a Security Consultant and active on HoneyNet research topics.
I hold a diploma in Electrical Engineering.
Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).Ret. Employee
Sven_Mueller
I´m a Security Solution Architect in EMEA, focused on Application and Network-Security.
I act as a liaison between customers, the F5 sales team and the F5 product teams, providing a hands-on real-world perspective.
Before I joined F5, I was a Security Consultant and active on HoneyNet research topics.
I hold a diploma in Electrical Engineering.
Beside my IT Security interests,I love driving on the Nuerburgring (Green Hell).Ret. Employee
Sven_Mueller
Oct 26, 2021Ret. Employee
Hi Piotr,
very good catch! Yes, the sentence in red within the diagram is not correct. It should say "Mitigation starts, because DETECTED EPS value is exceeded..."
The mitigation rate on device level is calculated based on CPU stress. In my diagram the CPU stress should show that the CPU is in the beginning relaxed and therefor the calculated mitigate rate is very high and flat, until the CPU gets under pressure.
I hope thats helps!?
Thanks, sVen