Bug ID 910325: DDoS Vector - TCP BAD ACK is not hardware-accelerated

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 15.1.8, 15.1.8.1, 15.1.8.2, 15.1.9, 15.1.9.1, 15.1.10, 15.1.10.2, 15.1.10.3, 15.1.10.4

Opened: May 19, 2020

Severity: 2-Critical

Symptoms

There is no FPGA support for FPGA vector number 105. This is an L4 DDoS vector that rate limits the number of incorrect TCP ACK cookies. The vector is commonly referred to as ACK_Cookie_Bad.

Impact

This vector is not hardware-accelerated, so DDoS mitigation for it can rely only on software support.

Conditions

This is encountered when a TCP BADACK DDoS vector is detected.

Workaround

None.

Fix Information

None.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips