Bug ID 808889: DoS vector or signature stays hardware-accelerated even when traffic rate is lower than mitigation threshold

Last Modified: Dec 13, 2019

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 15.0.0, 15.0.1

Fixed In:
15.1.0

Opened: Jul 24, 2019
Severity: 3-Major

Symptoms

The hw_offload status reported by tmctl dos_stat for a DoS vector or signature is incorrect after the attack has stopped.

Impact

DoS vector/signature stays hardware-accelerated.

Conditions

BIG-IP system with DoS-accelerated vectors support (SPVA support).

Workaround

After the attack, change the state of the DoS vector/signature to detect-only. Then return the vector state to mitigate.

Fix Information

Hardware-acceleration status for the vector/signature is updated based on observed traffic.

Behavior Change