Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP ASM
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1
Fixed In:
11.5.0
Opened: Sep 16, 2013 Severity: 3-Major
In versions prior to 11.5.0, the dos_attack_tps / detection_average log output indicates the average TPS at the time the attack was detected, not the average TPS of the DOS attack.
The field doesn't fully describe what is happening during the DoS attack
Using Splunk or Arcsight for DoS attack visibility
None
Remote Logging of DoS events: We changed the meaning of the "dos_attack_tps" field (in Splunk), and the "detection_average" field (in ArcSight) from being the average TPS when an attack was detected to the average incoming TPS during a DoS attack (the 60-second average TPS of each IP or URL).