DoS protection against flooding of new sessions defends against
high-volume single-session and multiple-session attacks.
In a single-session attack, an attacker uses one session to target
a device behind the firewall. If a Security policy rule allows the
traffic, the session is established and the attacker then sends
packets at a very high rate with the same source IP address and port,
destination IP address and port, and protocol (the same 5-tuple),
trying to overwhelm the target. In a multiple-session attack, an
attacker opens many sessions (measured as connections per second
[cps]) from a single host to launch the DoS attack.
This feature defends only against DoS attacks that consist of new
sessions, that is, traffic that has not been offloaded to hardware.
Once a session is established and offloaded, its packets no longer
pass through the new-session defenses, so a single-session flood on
an offloaded session is not mitigated by this feature alone. However,
this topic describes how you can create a Security policy rule that
resets the client; the attacker then has to reinitiate the attack,
which arrives as numerous connections per second and is blocked by
the defenses illustrated in this topic.
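The following is an added example, not part of the original topic and not
PAN-OS code. It models the two attack shapes described above over a
constructed packet list: a single-session flood (one 5-tuple, very high
packets per second) and a multiple-session flood (many new sessions per
second from one host). It then models the reset-client rule as an
assumption: after the reset, the attacker keeps sending at the same rate
but every packet must open a new session, so the same traffic is now
counted as connections per second and trips the new-session threshold.
The thresholds (100 cps per source, 1000 pps per flow), addresses and
the `Packet` type are assumptions chosen for the illustration.

```python
"""Classify flood traffic as single-session or multiple-session, and show
why resetting the client turns a single-session flood into new-session
traffic that the cps threshold can catch. Added example; not PAN-OS code."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    syn: bool        # True if this packet opens a new session (e.g. TCP SYN)


def flow_key(p):
    """The 5-tuple that identifies one session."""
    return (p.src, p.sport, p.dst, p.dport, p.proto)


def new_sessions_per_second(packets):
    """Peak connections per second (cps) per source host, per 1 s window."""
    per_window = defaultdict(int)
    for p in packets:
        if p.syn:
            per_window[(p.src, int(p.ts))] += 1
    peak = defaultdict(int)
    for (src, _sec), n in per_window.items():
        peak[src] = max(peak[src], n)
    return dict(peak)


def packets_per_second_per_flow(packets):
    """Peak packets per second per 5-tuple, per 1 s window."""
    per_window = defaultdict(int)
    for p in packets:
        per_window[(flow_key(p), int(p.ts))] += 1
    peak = defaultdict(int)
    for (flow, _sec), n in per_window.items():
        peak[flow] = max(peak[flow], n)
    return dict(peak)


def classify(packets, cps_threshold=100, pps_threshold=1000):
    """Sources over the cps threshold are multiple-session floods; single
    5-tuples over the pps threshold are single-session floods."""
    cps = new_sessions_per_second(packets)
    pps = packets_per_second_per_flow(packets)
    return {
        "multi_session_sources": sorted(s for s, n in cps.items() if n > cps_threshold),
        "single_session_flows": sorted(f for f, n in pps.items() if n > pps_threshold),
    }


def reset_client(packets, flow):
    """Model (assumption) of a Security policy rule with a reset-client action
    on one established flow: the attacker keeps sending at the same rate, but
    each packet now has to open a new session from a fresh ephemeral port, so
    its traffic becomes new-session traffic subject to the cps threshold."""
    out, port = [], 50000
    for p in packets:
        if flow_key(p) == flow:
            out.append(Packet(p.ts, p.src, port, p.dst, p.dport, p.proto, True))
            port = 50000 if port >= 65000 else port + 1
        else:
            out.append(p)
    return out


def constructed_sample():
    """Constructed traffic: one single-session flood, one multi-session flood,
    and a legitimate client. Addresses and volumes are made up."""
    pkts = [Packet(0.0, "10.0.0.5", 40000, "192.0.2.10", 443, "tcp", True)]
    # Attacker A: session established, then 5000 packets on it within one second
    pkts += [Packet(1.0 + i / 5000, "10.0.0.5", 40000, "192.0.2.10", 443, "tcp", False)
             for i in range(5000)]
    # Attacker B: 500 new sessions from one host within one second
    pkts += [Packet(1.0 + i / 500, "10.0.0.6", 30000 + i, "192.0.2.10", 443, "tcp", True)
             for i in range(500)]
    # Legitimate client: three short sessions
    for i in range(3):
        pkts.append(Packet(1.0 + i * 0.3, "10.0.0.7", 20000 + i, "192.0.2.10", 443, "tcp", True))
        pkts.append(Packet(1.1 + i * 0.3, "10.0.0.7", 20000 + i, "192.0.2.10", 443, "tcp", False))
    return pkts


if __name__ == "__main__":
    sample = constructed_sample()
    before = classify(sample)
    print("before reset:", before)
    flood_flow = before["single_session_flows"][0]
    print("after reset: ", classify(reset_client(sample, flood_flow)))
```

Before the reset, 10.0.0.5 shows a peak of only 1 cps, so it is invisible to
a new-session defense and is caught only by the per-flow packet-rate check;
after the modelled reset, the same packet rate is counted as 5000 cps and the
source is classified alongside the multiple-session attacker.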