Last Modified: Nov 07, 2023
Known Affected Versions:
15.1.8, 126.96.36.199, 188.8.131.52, 15.1.9, 184.108.40.206, 17.1.0, 220.127.116.11, 18.104.22.168, 22.214.171.124
Opened: Apr 12, 2023 Severity: 3-Major
-- Virtual server reports SYN cookie mode is "full hardware" even after a SYN flood has stopped. -- The virtual_server_stat tmstat table columns sc_mode0,sc_mode1 show "FRS" and the syncookies.hwsyncookie_inst column is greater than zero, even after a SYN flood has stopped.
-- SYN/ACK responses that include a SYN cookie are generated by HW even after a SYN flood attacked has stopped. -- SYN pkts are not seen by the virtual server.
-- Platform with Neuron/TCAM support. -- AFM is not provisioned.
Set the pvasyncookies.preferhwlmode BigDB variable to "true".
Virtual servers properly exit HW SYN cookie mode.