Forum Discussion

snarfsmojo_2827
Aug 04, 2016

stop DoS attack when originator is behind carrier grade NAT

Hypothetical scenario: I have a web server on the internet. I notice a DoS attack happening against this server. My first instinct is to blacklist the IP address of the originator at the edge of my network, but I come to find out that the IP of the originator is actually part of an ISP's carrier grade NAT. If I blacklist the IP address at the edge of my network, thousands of legitimate customers will not be able to get to my website.

 

Question: What F5 product/technology could be used to stop a DoS attack, when the originator is behind carrier grade NAT, without disruption of service to other customers?

 

1 Reply

  • You can try ASM with its DoS protection mechanism, which can use the device ID (device fingerprint) to block that particular device. I don't have a great deal of experience, but this would be a good starting point. If you have an F5 SE - talk to him/her :-)
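
Added example, not part of the original thread and not F5 configuration: a sliding-window rate check run over a constructed request log, keyed once by source IP and once by device ID, to show why the device-level key isolates the flooder behind a shared NAT address. The window, threshold, field names, addresses and device IDs are all assumptions made for the illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10    # sliding-window length in seconds (assumed value)
THRESHOLD = 20   # requests allowed per key per window (assumed value)

def by_ip(req):
    return req["src_ip"]

def by_device(req):
    return req["device_id"]

def offenders(requests, key_fn, window=WINDOW_S, threshold=THRESHOLD):
    """Keys that exceed `threshold` requests inside any `window`-second span."""
    recent = defaultdict(deque)
    flagged = set()
    for req in sorted(requests, key=lambda r: r["ts"]):
        key = key_fn(req)
        q = recent[key]
        q.append(req["ts"])
        while req["ts"] - q[0] >= window:   # drop timestamps that left the window
            q.popleft()
        if len(q) > threshold:
            flagged.add(key)
    return flagged

def collateral(requests, key_fn, flooder):
    """Devices other than `flooder` that blocking the flagged keys would cut off."""
    blocked = offenders(requests, key_fn)
    return {r["device_id"] for r in requests
            if key_fn(r) in blocked and r["device_id"] != flooder}

def sample_traffic():
    """Constructed log: 200 subscribers and one flooding device behind one NAT address."""
    nat_ip = "198.51.100.7"   # documentation address standing in for the CGNAT egress
    reqs = [{"ts": 20.0 * k + d % 20, "src_ip": nat_ip, "device_id": f"dev-{d:03d}"}
            for d in range(200) for k in range(3)]
    reqs += [{"ts": 5 + i * 0.02, "src_ip": nat_ip, "device_id": "dev-flood"}
             for i in range(500)]
    return reqs

if __name__ == "__main__":
    traffic = sample_traffic()
    for name, fn in (("source IP", by_ip), ("device ID", by_device)):
        print(name, "flags", sorted(offenders(traffic, fn)),
              "and cuts off", len(collateral(traffic, fn, "dev-flood")), "other devices")
```

A device identifier is derived from signals the client supplies, so requests that arrive without one, or with one that keeps changing, need a fallback key and their own limit.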