Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
14.0.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 14.0.1, 188.8.131.52, 14.1.0, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 14.1.2, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
Opened: Jan 16, 2019
A UDP DNS packet may incorrectly match a BDoS signature if such a packet was queued up due to ingress shaper. In the worst case, this incorrect signature match might drop the packet.
In this case, when the queued packet is later picked up for further processing, it may incorrectly match a BDoS signature (that would not have otherwise matched if this packet was not queued). A UDP DNS packet may match an incorrect signature and thus might be incorrectly dropped by the BIG-IP system.
AFM is enabled and it receives multiple (back-to-back-to-back) UDP DNS packets, which (due to ingress shaper) might cause queueing for some of the packets in the same data path thread.
UDP DNS packets never match an incorrect BDoS signature, even if such packets are queued due to ingress shaper.