MarioMoneta
Jan 29, 2025

Syn-Flood protection

Hi guys

I've been searching for information about the SYN flood protection of F5. I know there is this feature but I could not find much information. I searched in the:

techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-syn-flood-attacks-13-0-0/1.html

page but it seems all these pages of f5.com are no longer there. Can anyone explain how to activate this feature or send some exhaustive link?

The device is BIG-IP 17.1.1.3 Build 0.0.5 Point Release 3

Thank you

B.R

Mario

 

  • The following AFM Operations Guide may help:

    Denial of Service | BIG-IP AFM operations guide

    You can configure TCP SYN flood protection on a virtual server level by applying a DoS profile, or at a device level (globally). Each environment is different so you will need to adjust the threshold settings to suit yours. However, I have provided some examples below (I would strongly recommend testing this in a NON-PRODUCTION environment):

    Example TCP SYN Flood Configuration for Virtual Server

    create security dos profile DOS dos-network add { DOS { network-attack-vector add { tcp-syn-flood { state mitigate threshold-mode manual rate-threshold 1000 rate-limit 1000 bad-actor enabled per-source-ip-detection-pps 100 per-source-ip-limit-pps 100 } } } }
    
    modify ltm virtual <VS NAME> profiles add { DOS }

     

    Example TCP SYN Flood Configuration at Device Level

    modify security dos device-config dos-device-config dos-device-vector { tcp-syn-flood { state mitigate threshold-mode manual detection-threshold-pps 10000 detection-threshold-percent infinite default-internal-rate-limit 30000 } }
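One way to pick starting values for the manual thresholds in the virtual server example above, as an added example that is not part of the original answer and not F5 guidance: take the busiest second of a normal-traffic baseline and multiply it by a headroom factor. The sample counts, the 3x headroom, the rounding step and the function names are assumptions; the command form and the profile name DOS are copied from the answer.

```python
import math
from collections import defaultdict

# Constructed baseline: (second, source IP, SYNs seen), e.g. summarised from a
# capture of normal traffic to the virtual server. Not real data.
SAMPLE = [
    (0, "198.51.100.10", 12), (0, "198.51.100.11", 30), (0, "203.0.113.5", 8),
    (1, "198.51.100.10", 40), (1, "198.51.100.11", 22), (1, "203.0.113.5", 18),
    (2, "198.51.100.10", 15), (2, "198.51.100.11", 60), (2, "203.0.113.5", 45),
]


def baseline_peaks(samples):
    """Return (busiest second overall, busiest second for any single source)."""
    per_second = defaultdict(int)
    per_source_second = defaultdict(int)
    for second, src, syns in samples:
        per_second[second] += syns
        per_source_second[(second, src)] += syns
    if not per_second:
        raise ValueError("no baseline samples")
    return max(per_second.values()), max(per_source_second.values())


def suggest_thresholds(samples, headroom=3.0, step=50):
    """Peak * headroom, rounded up to a multiple of step (assumed heuristic)."""
    aggregate, single = baseline_peaks(samples)

    def round_up(value):
        return int(math.ceil(value * headroom / step) * step)

    return {"rate": round_up(aggregate), "per_source": round_up(single)}


def tmsh_command(t, profile="DOS"):
    """Fill the thresholds into the command form used in the answer above."""
    return (
        f"create security dos profile {profile} dos-network add {{ {profile} {{ "
        "network-attack-vector add { tcp-syn-flood { state mitigate "
        f"threshold-mode manual rate-threshold {t['rate']} rate-limit {t['rate']} "
        f"bad-actor enabled per-source-ip-detection-pps {t['per_source']} "
        f"per-source-ip-limit-pps {t['per_source']} }} }} }} }}"
    )


if __name__ == "__main__":
    print(tmsh_command(suggest_thresholds(SAMPLE)))
```

Like the answer's example, the sketch sets the detection and limit values equal; review the generated command before applying it outside a test environment.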

     

     

    • MarioMoneta

      Thank you Michael. Is it possible somehow also on F5 LTM? I ask because I saw a line in LTM: Syn-flood protection not active (or disabled). So I guess something on that side could be done, right?

      • Michael_Saleem

        Hmm... maybe you're after SYN cookie protection? (which can be configured either on a VLAN level or virtual server level)

        https://my.f5.com/manage/s/article/K74451051