For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

smp_86112's avatar
smp_86112
Icon for Cirrostratus rankCirrostratus
Jan 22, 2009

Methodolgy to ID source of DOS attack

Recently, I started receiving SNMP traps from an LTM pair indicating it was the target of a possible DOS attack.     Limiting open port RST response from 16170 to 250 packets/sec   ...
management
monitoring
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 28, 2009
It's not something I've ever been asked about or seen in customer implementations.

 

 

I'm pretty sure netstat -a would show the connections in a state of SYN RECEIVED or something similar. If the source IP was forged, I'm not sure how you'd identify the true source. I'm guessing this wouldn't be simple.

 

 

Anyone else have thoughts on this?

 

 

Aaron