4/26/2024
BIG-IP
BIG-IP AFM
13.1.0
13.1.0.1
13.1.0.2
13.1.0.3
13.1.0.4
13.1.0.5
13.1.0.6
13.1.0.7
13.1.0.8
13.1.1
13.1.1.2
13.1.1.3
No fixed releases provided.
Bug ID 609878: Bad ACK Flood is not detected by AFM when loose-init is enabled on the virtual server

When loose-init is set, it has the implicit semantics of "every ACK packet can create a connection". Hence, there is never a "Bad ACK" to drop.

This behavior is expected by design, so anyone enabling this option should be aware of the side effects it causes.

Impact
Enabling loose initiation may make the system more vulnerable to denial-of-service attacks.

Conditions
This issue is seen when loose-init is enabled on the fastL4 profile and the box is flooded with asymmetric ACK packets or Bad ACKs.

Workaround
When loose-init is set in the fastL4 profile, turn on connection limits on the virtual server and also configure an Eviction Policy to prevent flow-table exhaustion.

Fix Information