Manual Chapter : About custom DoS/DDoS attack signatures

Applies To:

Show Versions Show Versions

BIG-IP AFM

  • 15.1.9, 15.1.8
Manual Chapter

About custom DoS/DDoS attack signatures

About custom DoS/DDoS attack signatures

BIG-IP AFM allows you to create custom Network and DNS type DoS attack signatures when the default attack signatures do not match a new or unique type of DoS traffic. Familiarize yourself with the following options prior to creating a new DoS signature.
The HTTP and TLS attack signatures are available for use when the Application Security Manager (ASM) module is provisioned.
Signature option
Description
Name
A unique name identifying the signature object.
Tags
Tags are used to classify signatures. You can use tags to filter signature lists. For example, use a tag like Flood to group all flood attack signatures.
Description
Describe the purpose of the signature.
Alias
A alternate name for the signature.
Approved
Select the check box to indicate that the signature has been reviewed and approved.
Shareable
Indicates that the signature can be used by other protected objects (virtual servers or zones) and protection profiles. All shareable signatures are accepted on any profile for which signatures are enabled.
Predicates List
One or more match expressions, joined by logical operators, which the system uses to match traffic that is causing a DoS attack. You can edit the predicates (and all properties) of persistent signatures, and view the predicates of dynamic signatures. To add predicates when creating a persistent signature, click Add, select a predicate, specify the match expression, and the value.

Create a custom DoS attack signature

You can create custom Network or DNS DoS attack types for traffic patterns not matching one of the default attack signatures.
  1. On the Main tab, click
    Security
    DoS Protection
    Signatures
    .
  2. Click
    Add Signature
    within the
    Persistent
    area.
    The Properties pane opens on the right.
  3. Select either Network or DNS from the family list.
  4. Enter a unique
    Signature Name
    for the attack signature.
  5. Click the
    Tags
    icon to define one or more optional search tags.
    Be sure to press
    Enter
    after each tag and click
    Done
    to associate all of the tags with the signature.
  6. Enter an optional
    Description
    and
    Alias
    .
  7. Click
    Add
    in the Predicates List area.
  8. Scroll through the Predicates List and select a predicate.
  9. Select the predicate match expression and value.
  10. Repeat steps 7 through 9 to add additional predicates.
  11. Click
    Create
    .
The new attack signature can now be viewed and modified when you click the Persistent area.
Use the new attack signature when creating or modifying a new protection profile or when enabling device protection.