The BQN detects Denial of Service attacks. To do this, DoS thresholds must be configured in Configuration->DoS:

• Downlink failed handshake rate. SYNs per second without an answer in the direction towards the subscribers (initialized from the Internet). A typical value is 50.
• Uplink failed handshake rate. SYNs per second without an answer initialized by a subscriber. A typical value is 50.
• Minimum rate. Minimum speed rate that can be considered a volumetric attack. The exact value depends on the network speed,but a typical value is 50 Mbps.
• Multiplier of subscriber rate policy. If the subscriber has a known rate policy, a threshold is defined as multiplier *downlink limit. A typical multiplier is 3. For example, a subscriber with a 20Mbps plan will have a DoS threshold of 3*20=60Mbps.

The DoS events are shown in Statistics->DoS Attacks. In DoS Attacks Over Time, the DoS attack events are displayed showing its type, its duration and parameters such as the affected subscriber IP and the main IP contributing to the attack.

In Details of DoS Attacks all DoS events are listed, with information about the time, event type, IP address affected, the direction of the attack (ingress or egress) and its duration. In SYN Attacks can be found attacks of SYN type, with the number of failed SYN and its rate per second. In Volume Attacks there is a list of volumetric attacks, with information of the traffic volume and its average rate.

‍