Can I counting Syn packet ??

Question

Hi guys

I want to block syn flooding using irule

So, my plan is counting syn flooding base of source and destination IP

set src and dst and set max-request and time

but I don't know how to count syn ..

Let me know it if you know how to count syn packet

thank you

dario_garrido · Accepted Answer

Hello.&nbsp;There exists an iRule event that you can use to count TCP Sync packetshttps://clouddocs.f5networks.net/api/irules/FLOW_INIT.html&nbsp;Don't forget to test it in lab before moving to production.This event has some bugs that could make you crash your TMM.https://cdn.f5.com/product/bugtracker/ID706505.htmlhttps://cdn.f5.com/product/bugtracker/ID643396.htmlhttps://cdn.f5.com/product/bugtracker/ID612874.htmlhttps://cdn.f5.com/product/bugtracker/ID497115.html&nbsp;KR,Dario.

petewhite · Answer

You can't do it - syn cookies do a better job and if you have a standard VS then it will take care of it anyway because it is a full proxy ie it will only create a server-side connection when the client-side connection is setup. You can also look at dos profiles with AFM and possibly ASM.

Forum Discussion

Can I counting Syn packet ??

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

Automating Packet Captures on BIG-IP

F5 packet buffer

UDP TCP Packet Duplication