Forum Discussion

titankapo_33333
Nimbostratus
Sep 14, 2017

Block a DoS attack (TCP flag and/or UDP flood) with an iRule

Dear community,

I need to set up a new iRule to basically mitigate a DoS attack. Specifically, it should work in the case of TCP flag attacks (SYN, ACK, FIN and RST). Could someone help me with this? It should also work under a UDP flood attack. I'm starting from scratch, so any help on this would be very welcome. Thanks folks.

5 Replies

  • A lot of what you are asking for is already baked into the device.

    See: K14813: Detecting and mitigating DoS/DDoS attacks (11.4.x - 12.x)

  • Thanks Michael. I went through that article but still need some kind of guidelines (especially for better control) for building out a new iRule in case of detecting suspicious activity or even DDoS attacks. How can I set up TCP for defending against flag attacks? Many thanks again for helping out.

  • BinaryCanary_19
    Historic F5 Account

    I don't think you can inspect TCP flags using iRules, so this approach seems unviable. You should look at using one of the standard modules/features built into the product that accomplish this objective, as Mr Yates has already suggested.

  • Hi Guy,

    You can have a look at TCP/IP flags and options if you use the packet filters (Network > Packet Filters). The event name is FLOW_INIT. Link is here. Then use DATAGRAM commands to access the flags and options. Its link is here.