Bug ID 993269: DoS timestamp cookies are incompatible with FastL4 TCP timestamp rewrite option

Last Modified: Sep 29, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3, 15.0.1.4, 15.1.0, 15.1.0.1, 15.1.0.2, 15.1.0.3, 15.1.0.4, 15.1.0.5, 15.1.1, 15.1.2, 15.1.2.1, 15.1.3, 15.1.3.1, 15.1.4, 15.1.4.1, 15.1.5, 15.1.5.1, 15.1.6, 15.1.6.1, 15.1.7, 16.0.0, 16.0.0.1, 16.0.1, 16.0.1.1, 16.0.1.2, 16.1.0, 16.1.1, 16.1.2, 16.1.2.1, 16.1.2.2, 16.1.3, 16.1.3.1, 16.1.3.2

Fixed In:
17.0.0

Opened: Feb 11, 2021
Severity: 2-Critical

Symptoms

Using DoS timestamp cookies together with a FastL4 profile with the timestamp rewrite option enabled might lead to traffic failures. DoS timestamp cookies might also lead to problems with traffic generated by the Linux host.

Impact

Traffic is dropped due to incorrect timestamps.

Conditions

-- DoS timestamp cookies are enabled, and either of the following: -- FastL4 profile with the timestamp rewrite option enabled. -- Traffic originating from Linux host.

Workaround

Disable timestamp cookies on the affected VLAN.

Fix Information

None

Behavior Change

Have a question?

About F5

Education

F5 sites

Support Tasks

© F5 Networks, Inc. All rights reserved. Policies | Privacy | Trademarks