You are using the AppDoS feature to control against malicious bot client attacks. The bot
clients are using file downloads to attack your server farm. You have configured a context
value rate of 10,000 hits in 60 seconds. At which threshold will the bot clients no longer be
classified as malicious?
A.
9999 hits in 60 seconds
B.
7500 hits in 60 seconds
C.
5000 hits in 60 seconds
D.
8000 hits in 60 seconds
Protocol analysis stage uses a default interval of 60 seconds for context hit-rate-threshold and value-hit-rate-threshold. For example, if you configure 10,000 as the value-hit-rate threshold, the context value would be monitored against a 10,000 hits limit in a 60–scond interval.
IDP also uses hysteresis for state transitions to avoid thrashing between the states. A default of 20 percent lower limit will be used from the configured connection and context thresholds for falling behind in state. For example. if you configure a context value-hit-rate-threshold of 10,000, IDP transitions from protocol analysis to bot client classification after 10,000 hits in 60 seconds for identical context values, and falls behind in state only when such hits are smaller than 8000 in 60 seconds.