Forum Discussion
MVPCan I counting Syn packet ??
Hi guys
I want to block syn flooding using irule
So, my plan is counting syn flooding base of source and destination IP
set src and dst and set max-request and time
but I don't know how to count syn ..
Let me know it if you know how to count syn packet
thank you
Hello.
There exists an iRule event that you can use to count TCP Sync packets
https://clouddocs.f5networks.net/api/irules/FLOW_INIT.html
Don't forget to test it in lab before moving to production.
This event has some bugs that could make you crash your TMM.
- https://cdn.f5.com/product/bugtracker/ID706505.html
- https://cdn.f5.com/product/bugtracker/ID643396.html
- https://cdn.f5.com/product/bugtracker/ID612874.html
- https://cdn.f5.com/product/bugtracker/ID497115.html
KR,
Dario.
Dario_GarridoNoctilucent
Hello.
There exists an iRule event that you can use to count TCP Sync packets
https://clouddocs.f5networks.net/api/irules/FLOW_INIT.html
Don't forget to test it in lab before moving to production.
This event has some bugs that could make you crash your TMM.
- https://cdn.f5.com/product/bugtracker/ID706505.html
- https://cdn.f5.com/product/bugtracker/ID643396.html
- https://cdn.f5.com/product/bugtracker/ID612874.html
- https://cdn.f5.com/product/bugtracker/ID497115.html
KR,
Dario.
PeteWhiteEmployee
You can't do it - syn cookies do a better job and if you have a standard VS then it will take care of it anyway because it is a full proxy ie it will only create a server-side connection when the client-side connection is setup. You can also look at dos profiles with AFM and possibly ASM.