4.3.3. Attack stop¶
4.3.3.1. Stop SYN flood¶
Press (Ctrl-C
) to finish the attack. Traffic will drop on Router1
Note
STOP HERE. It will take 5-10 minutes for Flowmon to mark the attack as NOT ACTIVE. This is done in order to avoid ‘flip-flop’ effect in repeated attack situation
4.3.3.2. Mitigation stop¶
Flowmon DDoS Defender Attack List screen shows the current attack with status NOT ACTIVE. Attack will transition to ENDED state when Flowmon performs Mitigation Stop routine
*It typically takes ~ 5min for Flowmon DDoS Defender to update attack status
4.3.3.3. AFM configuration, BGP route removal¶
As part of Mitigation Stop routine Flowmon removes BGP route from Router1 and Virtual Server and DDoS Profile from AFM
show ip bgp
In AFM TMUI navigate to Security –> DoS Protection –> DoS Profiles
Verify that only default “dos” profile present
In AFM TMUI navigate to Local Traffic –> Virtual Servers –> Virtual Server List
Verify that Virtual Server matching Attack ID has been removed