Manual Chapter : AFM DoS/DDoS features

Applies To:

Show Versions Show Versions


  • 15.0.1, 15.0.0
Manual Chapter

AFM DoS/DDoS features

The BIG-IP AFM system includes a wide variety of features to detect and mitigate against Network, SIP and DNS related DoS/DDoS attacks.

Attack Vectors

BIG-IP AFM uses industry standard Network, DNS and SIP attack vectors, or signatures, that can be configured to detect and mitigate DoS/DDoS attacks.

Dynamic Signatures

Dynamic signatures are created by AFM DoS/DDoS Protection based on changing traffic patterns over time. When a unique DoS attack is detected, a dynamic signature is created and can then be used for DoS/DDoS protection.

Custom Attack Signatures

You can create custom DoS/DDoS attack signatures for network and DNS traffic patterns and packets that do not match either the default or dynamic attack signatures.

Bad Actor Detection

Bad Actor detection identifies IP addresses that engage in attacks targeting many destinations. The AFM system can automatically blacklist Bad Actor IP addresses with specific thresholds and time limits.