Last Modified: Oct 17, 2023
Affected Product(s):
BIG-IP (all modules)
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1
Fixed In:
14.1.0
Opened: Jul 13, 2018
Severity: 3-Major
In AFM, the device-level TCP Half Open vector can show int_drops when the attack is actually being mitigated by LTM per-VLAN syncookie.
Stats could be misleading.
This occurs when AFM is enabled and LTM per-VLAN syncookie is doing hardware (HW) syncookies.
You can turn off the AFM TCP Half Open vector.
Now, the TCP Half Open stats are shown only when the attack is actually being mitigated through the TCP Half Open vector.