ipv4IcmpFlood |
IPv4 flood vector. This vector detects or rate-limits IPv4 ICMP flood attacks based on the state and rate-limit configuration. It also supports per-source and per-destination IP detection for bad actor and bad destination mitigation and detection. |
tidcmp |
IPv4 flood vector. This vector detects ICMP Source Quench attack. It is detected or dropped based on the state and rate limit configuration, provides detection and rate limiting per-sourceIP and per-destinationIP, and is subject to ba/bd ICMP source quench packets. |
ipv4FragFlood |
IPv4 flood vector. This vector detects the attack when spoofed IPv4 fragments are sent at a very high rate. Detected or dropped based on the state and rate limit configuration, it provides per-sourceIP and per-destinationIP detection and rate limiting. |
ipv4OverlapFrag |
IPv4 flood vector. This vector detects attack when a flood of IPv4 overlapping fragments are received. Detected or ratelimited based on the state and rate limit configuration, it offers per-sourceIP and per-destinationIP detection and rate limiting. |
ipv4LowTtl |
IPv4 flood vector. This vector detects the attack when IPv4 packets with low TTL (non zero) value are received. Detection or ratelimited is carried out based on the state and rate limit configuration, and it provides per-sourceIP and per-destinationIP detection and rate limiting. This vector is also subject to ba/bd. |
ipv4NoPayload |
IPv4 flood vector. This vector detects the attack with no Layer 4 payload for the IPv4 address. Based on the state and rate limit configuration, It is detected or ratelimited and offers per-sourceIP and per-destinationIP detection and rate limiting. This vector falls under ba/bd. |
ipv4OptFrame |
IPv4 flood vector. This vector detects attack when a flood of too many IPv4 packets with an IP options frame are received. Attack is detected or dropped per the state and rate limit configuration and provides per-sourceIP and per-destinationIP detection and rate limiting. |
ipv4BadTtl |
IPv4 error vector. This vector occurs when the Time-to-live value equals zero for an IPv4 packet. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4BadVer |
IPv4 error vector. This vector detects the attack when IP version in header is not set to 4. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4BadSrc |
IPv4 error vector. This vector detects the attack when source IP is either broadcast or multicast. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4ErrorChecksum |
IPv4 error vector. This vector detects the attack when incorrect IPv4 header checksum is observed. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4FragError |
IPv4 error vector. This vector detects the attack with invalid IPv4 fragmentation offset value. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4ShortFrag |
IPv4 error vector. This vector detects the attack with too small IPv4 fragment packets. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4HdrLenTooShort |
IPv4 error vector. This vector detects the attack with header length less than 20 bytes. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv4HdrLenGtL2Len |
IPv4 error vector. This vector detects the attack traffic with no room in the Layer 2 packet for the IPv4 IP header (including options). When enabled, Attack is detected and dropped based on the threshold configuration. |
ipv4OptIllegalLen |
IPv4 error vector. The vector detects the attcack traffic with illegal length in the IP option. When enabled, Attack is detected and dropped based on the threshold configuration. |
ipv4LenGtL2Len |
IPv4 error vector. This vector detects the attack traffic with the total length in the IPv4 header exceeding the Layer 3 length in a Layer 2 packet. When enabled, Attack is detected and dropped based on the threshold configuration. |
ipv6DupExtHdr |
IPv6 error vector. This vector detects the attack with an extension header appearing more than once in an IPv6 packet, excluding the Destination Options extension header. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6BadHopCount |
IPv6 error vector. This vector detects attack with both the terminated (Count=0) and forwarding packet (Count=1) counts set to invalid. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6BadVersion |
IPv6 error vector. This vector detects the attack with the version not set to 6, in the IPv6 header. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6AddrLenGtL2Len |
IPv6 error vector. This vector detects the attack with the IPv6 address length exceeding the Layer 2 length. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6PayloadLenLtL2Len |
IPv6 error vector. This vector detects the attack with the specified IPv6 payload length shorter than the Layer 2 length. When enabled, Attack is detected and dropped based on the threshold configuration. |
ipv6BadAddr |
IPv6 error vector. This vector detects the attack with multicast source IPv6 address. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6FragError |
IPv6 error vector. This vector detects the attack with invalid IPv6 fragmentation offset value. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6FragOverlapError |
IPv6 error vector. This vector detects the attack when IPv6 overlapping fragments are received. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6ShortFragError |
IPv6 error vector. This vector detects the attack with the undersized IPv6 fragment packets. When enabled, attack is detected and dropped based on the threshold configuration. |
ipv6L4ExtHdrsGoEnd |
IPv6 flood vector. This vector detects the attack with extended headers reaching or surpassing the end of the Layer 4 frame. Based on the state and rate limit configuration, attack is detected or dropped and provides per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6BadExtHdrOrder |
IPv6 flood vector. This vector detects the attack with out of ordered extended headers in the IPv6 header. Attack is detected or dropped as per the state and rate limit configuration. |
ipv6Fipv6IcmpFlood |
IPv6 flood vector. This vector detects the IPv6 ICMP flood attack. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6FragFlood |
IPv6 flood vector. This vector detects the attack when spoofed IPv6 fragments are received at a very high rate. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6AtomicFrag |
IPv6 flood vector. This vector detects the attack with IPv6 fragment header with M=0 and FragOffset=0. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv4MappedIpv6Addr |
IPv6 flood vector. This vector detects the attack with IPv4 address occupying the lowest 32 bits of an IPv6 address. Attack is detected or ratelimited based on the state and rate limit configuration. |
ipv6RoutingHdrType0 |
IPv6 flood vector. This vector detects the attack when IPv6 packets with routing header type zero are received. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6LowHopCount |
IPv6 flood vector. This vector detects the attack when IPv6 extended header hop count set to less than or equal to the configured value of ipv6LowHopCount. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6ExtHdrTooLarge |
IPv6 flood vector. This vector detects the attack when we receive packets which have too Large IPv6 Extension Header field based on the configured limit. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6WithExtHdrFrames |
IPv6 flood vector. This vector detects the attack with too many IPv6 Extension Headers surpassing the limit configured. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
ipv6TooManyExtHdrs |
IPv6 flood vector. This vector detects the attack with too many IPv6 Extension Headers surpassing the limit configured. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
udpFlood |
UDP flood vector. This vector prevents the UDP flood. UDP port list can be enabled for mitigation. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
tcpRstFlood |
TCP flood vector. This vector detects the attack with RST flag set in the TCP packet to tamper with internet communications. It is detected or dropped based on the state and rate limit configuration and provides detection and rate limiting per-sourceIP and per-destinationIP. |
tcpSynOversize |
TCP flood vector. This vector detects the attack traffic with TCP SYN packets larger than 64 bytes. It is detected or dropped based on the state and rate limit configuration, provides detection and rate limiting per-sourceIP and per-destinationIP. |
tcpBadUrg |
TCP flood vector. This vector detects the attack traffic with URG flag set, and the urgent pointer is 0. It is detected or dropped based on the state and rate limit configuration, provides detection and rate limiting per-sourceIP and per-destinationIP. |
tcpOptOverrunsTcpHdr |
TCP flood vector. This vector detects the attack traffic with option bits that overrun the TCP header. It is detected or dropped based on the state and rate limit configuration, provides detection and rate limiting per-sourceIP and per-destinationIP. |
tcpWindowSize |
TCP flood vector. This vector detects the attack traffic with TCP window size zero. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
nonTcpConnection |
TCP flood vector. This attack vector targets all connections that are not TCP. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
tcpOptIllegalLen |
TCP flood vector. This vector detects the attack traffic with an illegal TCP Option length. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
synAckFlood |
TCP flood vector. This vector detects the flood of traffic with both TCP SYN and ACK flags set in the packet. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
synFlood |
TCP flood vector. This vector detects the flood of traffic with TCP SYN flag set. SYN cookie feature can be enabled for mitigative actions. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
tcpHdrLenGtL2Len |
TCP error vector. This vector detects the attack traffic with TCP header length exceeding the Layer 2 length. When enabled, attack is detected and dropped based on the threshold configuration. |
tcpHdrLenTooShort |
TCP error vector. This vector detects the attack traffic with Data Offset value in the TCP header that is less than 20 bytes. When enabled, attack is detected and dropped based on the threshold configuration. |
badUdpChecksum |
UDP error vector. This vector detects the attack traffic with incorrect UDP checksums. When enabled, attack is detected and dropped based on the threshold configuration. |
badUdpHdr |
UDP error vector. This vector detects the attack traffic with UDP header length greater than the IP length or Layer 2 length. When enabled, attack is detected and dropped based on the threshold configuration. |
landAttack |
L3 error vector. This vector detects attack traffic where the Source IP is the same as the destination IP address. When enabled, attack is detected and dropped based on the threshold configuration. |
noListenerMatch |
L4 flood vector. This vector detects the attack traffic sent to BIGIP, that doesn't match with any listeners configured. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
uncommonIpProtocols |
IP flood vector. This vector detects the configured excluded IP protocols traffic. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
unknownIpProtocols |
IP flood vector. This vector detects attack traffic with an unknown or undetermined protocol. Attack is detected or dropped according to the state and rate limit configuration. |
dnsMalformed |
DNS error vector. This vector detects the malformed DNS packets. When enabled, attack is detected and dropped based on the threshold configuration. |
dnsQdCountLimit |
DNS error vector. This vector detects the DNS packets with DNS qdcount not equal to 1. When enabled, attack is detected and dropped based on the threshold configuration. |
unsolicitedDnsResponse |
DNS error. This vector detects the DNS packets with DNS header flags bit 15 set as 1 (response). When enabled, attack is detected and dropped based on the threshold configuration. |
dnsAQuery |
DNS flood vector. This vector detects the DNS packets with Qtype as A_QRY. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsAaaaQuery |
DNS flood vector. This vector detects the DNS packets with Qtype as AAAA. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsAnyQuery |
DNS flood vector. This vector detects the DNS packets with Qtype as ANY_QRY. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsPtrQuery |
DNS flood vector. This vector detects the DNS packets with Qtype as PTR. Attack is detected or dropped per the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsAxfrQuery |
DNS flood vector. This vector detects the DNS packets with Qtype as AXFR. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsCnameQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as CNAME. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsIxfrQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as IXFR. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsMxQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as MX. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsNsQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as NS. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsOtherQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as OTHER. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsSoaQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as SOA_QRY. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsSrvQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as SRV. Attack is detected or dropped based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsTxtQuery |
DNS flood vector. This vector detects the DNS packets with DNS Qtype as TXT. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
oversizedDns |
DNS flood vector. This vector detects the oversized DNS headers. Attack is detected or ratelimited based on the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
dnsNxdomainQuery |
DNS flood vector. This vector detects the DNS query for non existing domains. Attack is detected or dropped according to the state and rate limit configuration, provides both per-sourceIP and per-destinationIP detection and rate limiting. |
etherBroadcastPkt |
Layer 2 flood vector. This vector detects the traffic with broadcast as the Ethernet destination address. Attack is detected or dropped according to the state and rate limit configuration. |
etherMulticastPkt |
Layer 2 flood vector. This vector detects traffic with multicast set for the Ethernet destination address. Attack is detected or dropped according to the state and rate limit configuration. |
arpFlood |
Layer 2 flood vector. This vector detects the ARP flood in the network. Attack is detected or dropped based on the state and rate limit configuration. |
etherSrcEqualDstAddr |
Layer 2 error vector. This vector detects the traffic with Ethernet MAC source address same as the destination address. When enabled, attack is detected and dropped based on the threshold configuration. |
l2LenGtIpLen |
Layer 2 flood vector. This vector detects the attack traffic with Layer 2 packet length significantly exceeding the payload length in an IPv4 address header, and the Layer 2 length surpasses the minimum packet size. Attack is detected or dropped per the state and rate limit configuration. |