Last Modified: Jan 17, 2025
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3, 17.1.1.4, 17.1.2, 17.1.2.1
Opened: Oct 30, 2024
Severity: 3-Major
After upgrading, AFM detects a TCP ACK Flood and/or TCP ACK TS attack. AFM may also mitigate the detected attack, which causes a traffic outage.
- Many TCP ACK TS or TCP ACK Flood attacks are detected in the AFM device.
- Traffic can be disrupted while the TCP ACK Flood or TCP ACK TS attack is mitigated.
-- AFM enabled and in service
-- The system is upgraded
Option 1
-- Upgrade
-- Increase the threshold for these vectors to a very large value that clients cannot reach, something like detection 8000000 mitigation 10000000.
-- Monitor the stats for this vector.
-- Once you have a baseline for the vector, adjust thresholds to a better value that fits the baseline.

Option 2 - use this if you don't need the TCP ACK TS or TCP ACK Flood vectors.
-- Upgrade
-- Disable the vectors
None