Technical Tip: How to create a DHCP Flood Custom IPS Signature
| Description | This article describes how to create a Custom IPS Signature for detecting a DHCP flood that is too many DHCP requests that are being sent towards a DHCP server. |
| Scope | FortiGate. |
| Solution | To create a DHCP Flood Custom IPS Signature, go to: Security Profiles -> IPS Signatures -> Create New and fill in the fields below: F-SBID ( --name "DHCP_Flood"; --protocol UDP; --service DHCP; --dhcp_type 1; --rate 200,5; --track DHCP_CLIENT ;)
In this example: 200,5 is for 200 requests throughout 5 seconds.
After creating the DHCP Flood Custom IPS Signature, it will be shown below:
 After creating the DHCP Flood Custom IPS Signature, it can be added when creating the Intrusion Prevention Security Profile, as below: 
The newly created 'Test' Intrusion Prevention Security Profile with the 'DHCP_Flood' signature is shown below:
 |
