For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chris_Stamm_183's avatar
Chris_Stamm_183
Icon for Nimbostratus rankNimbostratus
Aug 10, 2005

RPC load balancing among multiple tiers using iRules, pools and forwarding

Scenario: We have an app that uses... TCP port 7496 for one piece. TCP port 3372 for another piece. TCP port 135 for DTC that will renegotiate a high port in this case we set the RPC rang...
application delivery
dev
devops
iRules
Chris_Stamm_183's avatar
Chris_Stamm_183
Icon for Nimbostratus rankNimbostratus
Aug 12, 2005
The rule is still checked after the TCP connection to validate against the iRule. You are still checking the rule either way I would think and if so you would be checking against the rule prior to SYN, SYNACK, ACK and therefore reject before the 3way handshake thus doing less work. I agree about the SYN flood but on the inverse wouldnt you also be equally vulnerable to an established TCP connection or do you ignore any commands issued after the open TCP connection?

 

 

Just so I am clear and to avoid looking argumentative, I'm not trying to argue just understand.