Manual Chapter :
About AFM DoS/DDoS Protection
Applies To:
Show Versions
BIG-IP AFM
- 17.0.0, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
About AFM DoS/DDoS Protection
AFM DoS/DDoS features
The BIG-IP AFM system includes a wide variety of features to detect and mitigate against Network, SIP and DNS related DoS/DDoS
attacks.
Attack Vectors
BIG-IP AFM uses industry standard Network, DNS and SIP attack vectors, or signatures, that can be configured to detect and mitigate DoS/DDoS attacks.
Dynamic Signatures
Dynamic signatures are created by AFM DoS/DDoS Protection based on changing traffic patterns over time. When a unique DoS attack is detected, a dynamic signature is created and can then be used for DoS/DDoS protection.
Custom Attack Signatures
You can create custom DoS/DDoS attack signatures for network and DNS traffic patterns and packets that do not match either the default or dynamic attack signatures.
Bad Actor Detection
Bad Actor detection identifies IP addresses that engage in attacks targeting many
destinations. The AFM system can automatically blacklist Bad Actor IP addresses with specific
thresholds and time limits.
About AFM DoS/DDoS Protection
BIG-IP Advanced Firewall Manager (AFM) denial-of-service or distributed denial-of-service (DoS/DDoS) Protection is one of four AFM core features:
- Network Firewall
- Controls access to application resourcesusing industry-standard firewall-based rules.
- DoS/DDoS Protection
- Monitors and mitigates against denial-of-service and distributed denial-of-service (DoS/DDoS) attacks.
- IP Intelligence
- Restricts or allows data center access based on lists of source IP addresses (feed lists).
- Reporting
- Provides detailed graphical reports about network attack events.
AFM DoS/DDoS Protection is designed to protect your data center from attacks by detecting and mitigating a wide range of malicious traffic patterns and packet types. Malicious traffic patterns and packets are also referred to as
attack vectors
or attack signatures
. An effective DoS/DDoS solution blocks attack traffic while allowing legitimate traffic.
Automatic Detection and Mitigation
You can configure BIG-IP AFM to automatically detect and mitigate DoS/DDoS attacks using a wide variety of custom and default attack vectors. You can also enable the BIG-IP AFM Dynamic Signature feature to create new attack signatures and mitigate attacks based on traffic patterns that change over time.
Manual Detection and Mitigation
An effective DoS/DDoS protection solution requires an in-depth traffic analysis to determine the baseline traffic patterns and thresholds, as well as attack patterns and thresholds. Once a traffic analysis is complete, you can determine the appropriate DoS/DDoS attack vectors, and manually configure the detection and mitigation thresholds for each.
About device protection and protection profiles
BIG-IP Advanced Firewall Manager (AFM) applies DoS/DDoS attack protection at two levels: Device Protection and Protection Profiles. Device Protection is used to protect the entire BIG-IP system, while Protection Profiles are used to protect individual virtual servers, known as
Protected Objects
. Having two levels of protection provides the ability to adapt detection and mitigation levels for specific devices or applications. 
