Manual Chapter : About custom DoS/DDoS attack signatures

Applies To:

Show Versions Show Versions


  • 15.1.9, 15.1.8
Manual Chapter

About custom DoS/DDoS attack signatures

About custom DoS/DDoS attack signatures

BIG-IP AFM allows you to create custom Network and DNS type DoS attack signatures when the default attack signatures do not match a new or unique type of DoS traffic. Familiarize yourself with the following options prior to creating a new DoS signature.
The HTTP and TLS attack signatures are available for use when the Application Security Manager (ASM) module is provisioned.
Signature option
A unique name identifying the signature object.
Tags are used to classify signatures. You can use tags to filter signature lists. For example, use a tag like Flood to group all flood attack signatures.
Describe the purpose of the signature.
A alternate name for the signature.
Select the check box to indicate that the signature has been reviewed and approved.
Indicates that the signature can be used by other protected objects (virtual servers or zones) and protection profiles. All shareable signatures are accepted on any profile for which signatures are enabled.
Predicates List
One or more match expressions, joined by logical operators, which the system uses to match traffic that is causing a DoS attack. You can edit the predicates (and all properties) of persistent signatures, and view the predicates of dynamic signatures. To add predicates when creating a persistent signature, click Add, select a predicate, specify the match expression, and the value.

Create a custom DoS attack signature

You can create custom Network or DNS DoS attack types for traffic patterns not matching one of the default attack signatures.
  1. On the Main tab, click
    DoS Protection
  2. Click
    Add Signature
    within the
    The Properties pane opens on the right.
  3. Select either Network or DNS from the family list.
  4. Enter a unique
    Signature Name
    for the attack signature.
  5. Click the
    icon to define one or more optional search tags.
    Be sure to press
    after each tag and click
    to associate all of the tags with the signature.
  6. Enter an optional
  7. Click
    in the Predicates List area.
  8. Scroll through the Predicates List and select a predicate.
  9. Select the predicate match expression and value.
  10. Repeat steps 7 through 9 to add additional predicates.
  11. Click
The new attack signature can now be viewed and modified when you click the Persistent area.
Use the new attack signature when creating or modifying a new protection profile or when enabling device protection.