Manual Chapter :
About custom DoS/DDoS attack signatures
Applies To:
Show VersionsBIG-IP AFM
- 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0
About custom DoS/DDoS attack signatures
About custom DoS/DDoS attack signatures
BIG-IP AFM allows you to create custom Network and DNS type DoS attack signatures when the default attack signatures do not match a new or unique type of DoS traffic. Familiarize yourself with the following options prior to creating a new DoS signature.
The HTTP and TLS attack signatures are available for use when the Application Security Manager (ASM) module is provisioned.
Signature option | Description |
---|---|
Name | A unique name identifying the signature object. |
Tags | Tags are used to classify signatures. You can use tags to filter signature lists. For example, use a tag like Flood to group all flood attack signatures.
|
Description | Describe the purpose of the signature. |
Alias | A alternate name for the signature. |
Approved | Select the check box to indicate that the signature has been reviewed and approved. |
Shareable | Indicates that the signature can be used by other protected objects (virtual servers) and protection profiles. All shareable signatures are accepted on any profile for which signatures are enabled. |
Predicates List | One or more match expressions, joined by logical operators, which the system uses to match traffic that is causing a DoS attack. You can edit the predicates (and all properties) of persistent signatures, and view the predicates of dynamic signatures. To add predicates when creating a persistent signature, click Add, select a predicate, specify the match expression, and the value.
|
Create a custom DoS attack signature
You can create custom Network or DNS DoS attack types for traffic patterns not matching one of the default attack signatures.
- On the Main tab, click.
- ClickAdd Signaturewithin thePersistentarea.The Properties pane opens on the right.
- Select either Network or DNS from the family list.
- Enter a uniqueSignature Namefor the attack signature.
- Click theTagsicon to define one or more optional search tags.Be sure to pressEnterafter each tag and clickDoneto associate all of the tags with the signature.
- Enter an optionalDescriptionandAlias.
- ClickAddin the Predicates List area.
- Scroll through the Predicates List and select a predicate.
- Select the predicate match expression and value.
- Repeat steps 7 through 9 to add additional predicates.
- ClickCreate.
The new attack signature can now be viewed and modified when you click the Persistent area.
Use the new attack signature when creating or modifying a new protection profile or when enabling device protection.