A single-session DoS attack typically will not trigger
Zone or DoS Protection profiles because they are attacks that are
formed after the session is created. These attacks are allowed by
the Security policy because a session is allowed to be created,
and after the session is created, the attack drives up the packet
volume and takes down the target device.