Bug ID 749331: Global DNS DoS vector does not work in certain cases

Last Modified: Jun 10, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1

Fixed In:
15.0.0, 14.1.0.2

Opened: Nov 09, 2018
Severity: 2-Critical

Symptoms

Global DNS DoS vector stops working under certain conditions.

Impact

Global DNS data structures are overwritten by subsequent incoming packets. Global DNS DoS vector does not rate-limit the packets.

Conditions

Packets are not made to go through its entirety.

Workaround

None.

Fix Information

Global DNS DoS vector checks now prevent this issue, so rate-limiting works as expected.

Behavior Change