AltostratusHi RockBD ,
I think F5 or WAF is vulnerable for this kind of attack , if we imagine that A " Published services " on F5 WAF is a Victim , how F5 Accept a " Syn-Ack" Packet without sending " SYN ".
- Also I want to add that F5 is a TCP session terminator in full Proxy architectures deployments , so if hacker tried to trick F5 by spoofing ips his sessions should be dropped each time from beginning.
At all , You will find very powerfull info for implementing Dos protection :
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html
> Or send your thoughs based on your environment to mimic it with "Middlebox Reflection" .
Thanks
