Manual Chapter : Overview: Mitigating DoS/DDoS Attacks on Protected Objects

Applies To:

Show Versions Show Versions


  • 15.0.0
Manual Chapter

Overview: Mitigating DoS/DDoS Attacks on Protected Objects

When you create virtual servers using BIG-IP Local Traffic Manager (LTM), AFM discovers them as protected objects. This discovery makes it easy for you to locate and apply DoS/DDoS protection profiles, and to view the current attack status of each protected object.

DoS/DDoS Protection Profiles

DoS/DDoS protection profiles define the strategies used to detect, and mitigate DoS/DDoS attacks on protected objects. Protection profiles allow you to enable, and configure a wide variety of attack signatures for Network, DNS, and SIP protocols. For most attack signatures, you can allow AFM to manage detection and mitigation thresholds, or you configure attack signature settings manually.

Protection Settings

You can apply the following protection settings to protected objects:
Throughput Capacity
A maximum allowable throughput, in megabits per second, for the protected object. Infinite means no limit.
Protection Profile
A DoS protection profile configured to detect and mitigate DoS/DDoS attack based on known and discovered attack signatures.
Eviction Policy
An Eviction policy controlling the amount of allowable connections, based on specified high and low water marks. Once the high water mark is triggered, a number of eviction strategies can be selected to control how connections are dropped.
IP Intelligence
An IP intelligence policy used to control network access based on client source IP addresses.
For SIP DoS protection, you must also create a SIP profile with SIP Firewall enabled, and attach it to the protected object being protected from SIP DoS attacks.