Lab 4 - Multi-vector Demo

In this simple demo you will launch a small number of network attacks and show the configuration, logging and reporting capabilities of the Hybrid Defender. The point of this demo is to provide context for a UI walkthrough with some live data.

Task 1 - Access DoS Quick Configuration and display the ServerNet protected object

This protected object is defending all ports/protocols for, which is the network behind the Hybrid Defender. Attacks will be launched at, which is an interface on the LAMP server. Verify that the following vectors are configured:


Launch the attacks and show the behavior

  • Open the following tabs in the DHD UI:

  • DoS Protection->Quick Configuration->ServerNet

  • Security->DoS Protection->DoS Overview (leave the filter at default: ’DoS Attack’)

  • Statistics->DoS Visibility

  • Access the Attacker System CLI and run the attack

    # cd ~/scripts
    # sudo bash
    # ./
    • Click Refresh on the DoS Overview page. You will see some attacks mitigated by Device Configuration and some mitigated by the more specific settings on the ServerNet Protected Object.


Navigate to Security->Event Logs->DoS->Network->Events.

  • Click on “custom search…” link.

  • Drag one of the values from the “Attack Type” column into the custom search builder. From the Action column, drag Drop into the search builder. Click “Search”.


  • Further explore the DoS Event logs as needed for your demo. For example, clear the search and identify the “Stop” and “Start” times for an attack, etc.

  • In the Hybrid Defender WebUI, access the DoS Visibility reporting tool at Statistics->DoS Visibility.


DoS Visibility is a reporting tool, not a real-time monitoring tool. Events are displayed, much like other AVR-based reporting, in 5 minute windows. Do not expect events to be shown here immediately after running an attack. Be aware of this timing when doing a demo. Quicker/real-time monitoring of on-going DoS attacks is best accomplished in the DoS Event Logs and DoS Overview areas of the WebUI

  • You should see the attacks in the timeline and a variety of details in the windows. Use the slider to shorten the timeframe if needed, and click the Network filter, to focus on L4 activities.



    that you can select events from the timeline and see details about the attacks


  • Log in to Silverline at

  • Navigate to Monitor and Analyze > Stats > Hybrid Device. Locate your device and explore the interface.