Operational Defect Database

BugZero found this defect 1296 days ago.

F5 | 926425

Hardware SYN Cookies may not deactivate after the SYN attack ends and valid TCP traffic starts

Last update date:

4/26/2024

Affected products:

BIG-IP

BIG-IP AFM

Affected releases:

14.1.2

14.1.2.1

14.1.2.2

14.1.2.3

14.1.2.4

14.1.2.5

14.1.2.6

14.1.2.7

14.1.2.8

14.1.3

14.1.3.1

14.1.4

Fixed releases:

14.1.4.4

Description:

Hardware SYN Cookies activated on a virtual server under a SYN attack may not deactivate after the SYN attack ends and valid TCP traffic starts. ... The non-supported TCP options under SYN Cookie protection continue to be unsupported until hardware SYN cookies are disabled. ...

Impact ... This can successfully cause hardware SYN cookies to be activated on the BIG-IP virtual server under attack. ... However, once the attack subsides and falls below the SYN check threshold, SYN cookies may not immediately deactivate. ... Because SYN cookie protection is still active, and because under SYN cookie protection some TCP options are not supported, the options are not taken into account when processing traffic. ... For example, under SYN cookie protection, MSS is fixed to a few sizes. ... For traffic that arrives with a different MSS size, the system uses a supported size instead. ...

Conditions ...

Fix Information ... Now, BIG-IP systems differentiate virtual servers regardless of whether t...

Status

Verified
