ASM DoS detection

Question

Does it mean that DoS would be detected if requests per source IP reached to 200 per second? What's the significance of 40 tps here? &nbsp;
&nbsp;

leonline_225556 · Answer

Hi f5rocks,&nbsp;
The ASM DoS feature measures the TPS every 10 seconds and calculates the average for the past hour.&nbsp;
DoS will be detected when an absolute TPS value of 200 is reached, but also when
an absolute TPS value of 40 is reached AND an increase of 500% is detected.&nbsp;
Example:&nbsp;
Average TPS: 75 (for the past hour)Last TPS measured: 600TPS increased by: ((600 - 75) / 75) * 100 = 700%
Based on your screenshot DoS will be detected because TPS increased by 700% (&gt; 500%) and absolute value is 600 TPS (&gt; 40 TPS).&nbsp;
Leon&nbsp;

sanjayp · Answer

Thanks. But if last TPS is600, doesn't DoS will be detected immediately as it's higher than absolute threshold (200 TPS). 
My point was if both values come to same TPS rate (i.e increased TPS% or absolute Threshold) so not sure why two conditions are given. Also hope as name suggests these are for single source IP.&nbsp;

Forum Discussion

ASM DoS detection

2 Replies

Recent Discussions

Transaction looks successful but file not downloading

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

F5 loadbalancer not working

Related Content

Synthetic Monitoring helps you detect application issues before your users do

ASM L7 DoS email alert

how do I detect the rst returned by the server?

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

How do I drop traffic on ASM?