The Business value of IP Reflection in Silverline DDOS Protection

Question

Does IP Reflection mean that you can hide for an attacker that you are protećted by a scrubbing center?&nbsp;
What would a traceroute reveal?&nbsp;
If he knows that he would probably change strategy - run heavy SSL-attack and by observing response times could guess whether or not the scrubbing center has the private key.&nbsp;
He could also try to look for the real IP adresses or generate randomized strings in get/post-requests to bypass the center. &nbsp;

amolari · Answer

With Silverline DDOS, F5 scrubbing network do not have your private keys (that's for Silverline WAF). Layer7 attack are still to be mitigated by the customer. But there is a communication API between BIG-IP (by the customer) and the SOC which will enable blocking of source IPs performing those L7 attacks at the scrubbing network level.

billypt_180210 · Answer

http://www.google.com/patents/US20140245421&nbsp;
double static-NAT. public &lt;-&gt; private at Scrubbing Center facing to Customer. private &lt;-&gt; public at Customer facing Scrubbing Center. due to same public IP between first and second translation, it could be seen as reflection&nbsp;
public  &lt;-&gt;  private  &lt;-&gt;  public
same IP                    same IP&nbsp;

Forum Discussion

The Business value of IP Reflection in Silverline DDOS Protection

2 Replies

Recent Discussions

Error while running ansible

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Related Content

F5 Silverline DDoS Protection FAQ

F5 Silverline DDoS Protection

Silverline DDoS capabilities are now available in F5 Distributed Cloud

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS