Bug ID 712429: Serverside packets excluded from DoS stats

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6

Fixed In:
13.1.0.7

Opened: Mar 28, 2018
Severity: 1-Blocking

Symptoms

BIG-IP systems configured with L4 DoS Protection might not provide sufficiently granular DDoS detection and mitigation to ensure that legitimate traffic is not impacted.

Impact

Legitimate traffic might be impacted.

Conditions

Configured for DDoS detection and mitigation.

Workaround

None.

Fix Information

The following DoS vectors no longer count serverside packets. -- Single-Endpoint Flood -- Global-Device level aggregate vectors -- Bad-actor/attacked-dst for all vectors Additionally, hardware-accelerated, device-level (global) aggregate DoS vectors are now programmed dynamically when traffic is detected, rather than at configuration time. These behavior changes provide greater granularity in DDoS detection and mitigation to ensure that legitimate traffic is not impacted.

Behavior Change

The following DoS vectors no longer count serverside packets. -- Single-Endpoint Flood -- Global-Device level aggregate vectors -- Bad-actor/attacked-dst for all vectors Additionally, hardware-accelerated, device-level (global) aggregate DoS vectors are now programmed dynamically when traffic is detected, rather than at configuration time. These behavior changes provide greater granularity in DDoS detection and mitigation to ensure that legitimate traffic is not impacted.