F5 Firewall Solutions > [Archive3] Flowmon Integrated Out-of-path DDoS Solution > Module – DDoS Attack Source | Edit on

Attack stop¶

Stop SYN flood¶

Press (Ctrl-C) to finish the attack. Traffic will drop on Router1

Note

STOP HERE. It will take 5-10 minutes for Flowmon to mark the attack as NOT ACTIVE. This is done in order to avoid ‘flip-flop’ effect in repeated attack situation

Mitigation stop¶

Flowmon DDoS Defender Attack List screen shows the current attack with status NOT ACTIVE. Attack will transition to ENDED state when Flowmon performs Mitigation Stop routine

*It typically takes ~ 5min for Flowmon DDoS Defender to update attack status

AFM configuration, BGP route removal¶

As part of Mitigation Stop routine Flowmon removes BGP route from Router1 and Virtual Server and DDoS Profile from AFM

show ip bgp

In AFM TMUI navigate to Security –> DoS Protection –> DoS Profiles

Verify that only default “dos” profile present

In AFM TMUI navigate to Local Traffic –> Virtual Servers –> Virtual Server List

Verify that Virtual Server matching Attack ID has been removed

F5 Firewall Solutions > [Archive3] Flowmon Integrated Out-of-path DDoS Solution > Module – DDoS Attack Source | Edit on

Attack stop¶

Stop SYN flood¶

Mitigation stop¶

AFM configuration, BGP route removal¶

Congratulations! You have successfully completed the lab!¶