F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Jaspreetgurm's avatar
Jaspreetgurm
Icon for Altocumulus rankAltocumulus
Sep 09, 2021

HI  

 

Thanks for quick reply.

 

IP rotating always, looks like at attacker setup some sort of script which has more than lakh phone numbers requesting for OTP same time.

 

So can we mitigate such attacks.

 

 

 

 

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Sep 13, 2021

Hi,

 

so question by question - a Device ID won't be generated when the Bot Defense profile is in Transparent mode unless you set "Verification and Device-ID Challenges in Transparent Mode" to Enabled. Check if Device IDs are generated.

 

In case you have a Device ID generated you could use this Device ID in a TPS-based DOS profile.

 

I cannot tell you how to configure the parameters in the Security Policy. I practically know nothing about your application. Therefore I cannot judge what parameters there are and how to handle them.

 

You can try to find the information in Security ›› Event Logs : Bot Defense : Bot Traffic. If the AWAF identified the attacker as a bot, you will get some graphs out of it.

If you are logging All Requests in the Security Policy, maybe you can also identify some characteristics of the attack from these requests. You will also find the Device ID here.

 

KR

Daniel