Forum Discussion
hooleylist
Dec 02, 2010Cirrostratus
Hi James,
I don't think ~100k entries in a datagroup will kill a 3400, but it would be good to test it with your highest expected load.
If it's a bot network doing a DDOS, I imagine a lot of IP's wouldn't be known in advance though. What are the bots scanning? Is it a web app? Are there any patterns to the requests? You might be able to use an iRule to check the HTTP requests rather than a static (and potentially outdated) list of bad client IPs.
ASM would be an ideal option for this as it gives a lot of simpler options for detecting and blocking bots.
Aaron