-
Attack Categories and DDoS architecture components:
-
Volumetric – Flood-based attacks that can be L3-4 or L7
- Cloud-based Scrubbing Service (Silverline)
- Web Application Firewall (ASM)
- GTM Express
-
Asymmetric – Attacks designed to invoke timeouts or session-state changes
- Web Application Firewall (ASM)
-
Computational – Attacks designed to consume CPU and memory
-
Application Delivery Controller (LTM)
- Slowloris attack migration
- Adaptive connection reaping (computational-RAM attack)
- Network Firewall (AFM)
-
-
Vulnerability-based – Attacks that exploit software vulnerabilities
-
IP Reputation Database (IPI)
- DNS configuration is required for this functionality
- Intrusion Prevention/Detection Systems (IDS/IPS) – ASM Negative Security
- Application Delivery Controller (LTM)
-
-
-
Attacks mitigated based on component
-
SilverLine DDoS Protection
- Volumetric floods
- Amplification (NTP, SNMP, DNS)
- Protocol whitelisting
-
AFM/LTM
- SYN floods
- ICMP floods
- Malformed packets
- TCP floods
- Known bad actors
-
LTM/ASM
- Slowloris (LTM aggressive connection reaping)
- Slow POST (LTM aggressive connection reaping)
- Apache Killer
- RUDY/Keep Dead
- SSL attacks
-
GTM (DNS Express)
- UDP floods
- DNS floods
- NXDOMAIN floods
- DNSSEC attacks
-
Recent Comments