Forum Discussion

Altocumulus

Nov 10, 2022

How to Protect TCP Middlebox Reflection

Hi All Hope you are doing fine. Recently I came across a DoS-related article which is as follows https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/ Can anyone help me Protect TCP Middl...

application delivery

security

Mohamed_Ahmed_Kansoh

MVP

Nov 10, 2022

Hi RockBD ,
I think F5 or WAF is vulnerable for this kind of attack , if we imagine that A " Published services " on F5 WAF is a Victim , how F5 Accept a " Syn-Ack" Packet without sending " SYN ".
- Also I want to add that F5 is a TCP session terminator in full Proxy architectures deployments , so if hacker tried to trick F5 by spoofing ips his sessions should be dropped each time from beginning.

At all , You will find very powerfull info for implementing Dos protection :
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html

> Or send your thoughs based on your environment to mimic it with "Middlebox Reflection" .

Thanks

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

How to Protect TCP Middlebox Reflection

Recent Discussions

how to whitelist new source IP on F5 web UI access

F5 to read a combined CRL file

Upgrade F5 BIGIP

ISP Load Balancing, SNAT pool instead of Automap link self-ip, anyway to do health check ?

MAC address of deleted VS IP address still responsive

Related Content

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

Cookie-based DDoS protection

Indentical Queries DNS Reflection Attack Protection

Protecting gRPC based APIs with NGINX App Protect

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS