Last Modified: Dec 19, 2025
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.3
Opened: Oct 22, 2025
Severity: 3-Major
A number of DoS vectors were added in version 17.1.0 and are set to Mitigate by default. The list of vectors that were added is described in K41305885: BIG-IP AFM DoS vectors https://my.f5.com/manage/s/article/K41305885

These include:
- TCP ACK (TS)
- TCP ACK Flood
- TCP Flags Uncommon

Additionally, a DoS vector behavior has changed:
- Bad TCP Flags Malformed
These low thresholds trigger frequent DoS attack detections, leading to disruptions in service.
Old threshold values (Detection EPS Threshold: 200, Mitigation EPS Threshold: 100) are still being used, which are too low compared to the new defaults.
Change the threshold to the new defaults or any reasonable values accordingly. For example:

# tmsh modify security dos device-config dos-device-config dos-device-vector { tcp-ack-ts { default-internal-rate-limit 300000 detection-threshold-pps 200000 } }
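An added example, not part of F5's article: a shell function that scans a tmsh-style listing for vectors whose thresholds still equal the old values quoted above (200 detection, 100 mitigation). The brace-nested listing layout, the mapping of the Mitigation EPS Threshold to default-internal-rate-limit, and the vector names other than tcp-ack-ts are assumptions; the sample listing is constructed.

```shell
#!/bin/sh
# Added example: find DoS vectors still carrying the old thresholds.
LEGACY_DETECT=200   # old Detection EPS Threshold quoted in the article
LEGACY_LIMIT=100    # old Mitigation EPS Threshold quoted in the article

# Reads a tmsh-style listing on stdin (layout assumed) and prints every
# block in which either threshold still equals its legacy value.
find_legacy_vectors() {
    awk -v det="$LEGACY_DETECT" -v lim="$LEGACY_LIMIT" '
        $NF == "{" {                      # block opens: track name by depth
            depth++
            name[depth] = $(NF - 1); d[depth] = ""; l[depth] = ""
            next
        }
        $1 == "detection-threshold-pps"     { d[depth] = $2; next }
        $1 == "default-internal-rate-limit" { l[depth] = $2; next }
        $1 == "}" {                       # block closes: evaluate, then pop
            if (d[depth] == det || l[depth] == lim)
                printf "%s detection=%s rate-limit=%s\n", name[depth], d[depth], l[depth]
            depth--
        }
    '
}

# Constructed sample listing; only tcp-ack-ts is a name taken from the article.
sample_listing() {
    cat <<'EOF'
security dos device-config dos-device-config {
    dos-device-vector {
        tcp-ack-ts {
            default-internal-rate-limit 100
            detection-threshold-pps 200
        }
        example-tuned-vector {
            default-internal-rate-limit 300000
            detection-threshold-pps 200000
        }
        example-half-tuned-vector {
            default-internal-rate-limit 300000
            detection-threshold-pps 200
        }
    }
}
EOF
}

sample_listing | find_legacy_vectors
```

Each flagged vector is a candidate for the tmsh modify command shown above; vectors where only one of the two values is still at its old setting are reported as well.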
None