Bug ID 1003397: DoS TCP SYN-ACK vector with 'suspicious' set to true impacts MD5 AUTH (BGP) functionality

Last Modified: Jul 26, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0

Opened: Mar 17, 2021
Severity: 3-Major

Symptoms

Using device DoS with TCP SYN ACK Flood vector enabled and 'Only Count Suspicious Events' option enabled breaks connections using TCP MD5 AUTH, including BGP.

Impact

BGP peering is not established/connections failing.

Conditions

Device DoS with TCP SYN ACK Flood vector enabled and 'Only Count Suspicious Events' option enabled

Workaround

Disable the 'Only Count Suspicious Events' option.

Fix Information

None

Behavior Change