Bug ID 538708: TMM may apply SYN cookie validation to packets before generating any SYN cookies

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4

Fixed In:
12.1.0, 11.6.1 HF2, 11.5.4 HF3

Opened: Aug 07, 2015
Severity: 4-Minor

Symptoms

SYN cookie validation is applied when SYN cookies are not active

Impact

Validation can be applied to a listener/proxy that does not support SYN cookies which can lead to a tmm core.

Conditions

Internal TMM clock has overflowed and is near 0 ACK packet has been received that does not match an existing connection flow

Workaround

None

Fix Information

SYN cookie validation will not be applied if SYN cookies have not been activated.

Behavior Change