For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Oct 29, 2015

Regarding SYN flood attack

Hi ALL, We are seeing SYN Cookie threshold exceeding on LTM while I think we are not seeing this huge connection from source so it can cross threshold limit of 16,384... Internal warning tm...

application delivery

Icon for Cirrus rank

Cirrus

Oct 29, 2015

I don't think there is a SOL for it in the wild, but you need to turn off hardware SYN cookie protection for network virtual servers. It doesn't behave properly when turned on for anything other than a /32 destination virtual server. We had many problems with this last year and our local FSE finally confirmed it and sent out a newsletter detailing that it should be turned off. Software SYN cookie protection should get you by for those network VIPs. If not, contact your local F5 team. As soon as you disable hadrware SYN cookie in the TCP/FastL4 profile attached to the VS you should see things get better.

Icon for Nimbostratus rank

Nimbostratus

Oct 30, 2015

Thanks Brad. Yes becoz we continued to see issue continually we have already disabled SYN Cookie and enabled Software Cookie globally.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Academy at AppWorld 2026

DevCentral News

Introducing the F5 AI Assistant for BIG-IP

Technical Articles

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5