19-Mar-2020 22:18
Hi guys
I want to block SYN flooding using an iRule.
So, my plan is counting SYN flooding based on source and destination IP:
set src and dst and set max-request and time,
but I don't know how to count SYNs.
Let me know if you know how to count SYN packets.
thank you
20-Mar-2020 11:11
Hello.
There exists an iRule event that you can use to count TCP SYN packets:
https://clouddocs.f5networks.net/api/irules/FLOW_INIT.html
Don't forget to test it in lab before moving to production.
This event has some bugs that could make you crash your TMM.
KR,
Dario.
20-Mar-2020 11:13
You can't do it - SYN cookies do a better job, and if you have a standard VS then it will take care of it anyway because it is a full proxy, i.e. it will only create a server-side connection when the client-side connection is set up. You can also look at DoS profiles with AFM and possibly ASM.
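
The per-source/destination counting plan from the question, as an added example that is not part of the thread and is not an iRule: a sliding-window SYN counter in Python run over constructed packet records. The class, function and field names, the sample addresses and the threshold values are assumptions made for the illustration.

```python
from collections import defaultdict, deque

SYN, ACK = 0x02, 0x10  # TCP flag bits

# Constructed sample records: (timestamp_seconds, src_ip, dst_ip, tcp_flags)
SAMPLE_PACKETS = [
    (0.0, "198.51.100.7", "203.0.113.10", SYN),
    (0.1, "198.51.100.7", "203.0.113.10", SYN),
    (0.2, "192.0.2.44", "203.0.113.10", SYN),
    (0.3, "203.0.113.10", "192.0.2.44", SYN | ACK),  # handshake reply, not counted
    (0.4, "198.51.100.7", "203.0.113.10", SYN),
    (0.5, "198.51.100.7", "203.0.113.10", SYN),      # 4th SYN inside the window
    (0.6, "192.0.2.44", "203.0.113.10", ACK),        # not a SYN, not counted
    (5.0, "192.0.2.44", "203.0.113.10", SYN),
    (6.0, "198.51.100.7", "203.0.113.10", SYN),      # earlier SYNs have expired
]


class SynRateCounter:
    """Counts initial SYNs per (src, dst) pair inside a sliding time window."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.seen = defaultdict(deque)  # (src, dst) -> timestamps of accepted SYNs

    def allow(self, ts, src, dst, flags):
        # Only a bare SYN opens a connection; SYN-ACK and other segments pass.
        if not (flags & SYN) or (flags & ACK):
            return True
        timestamps = self.seen[(src, dst)]
        # Forget SYNs that have fallen out of the window.
        while timestamps and ts - timestamps[0] >= self.window:
            timestamps.popleft()
        if len(timestamps) >= self.max_requests:
            return False  # over the limit; rejected SYNs are not recorded
        timestamps.append(ts)
        return True


def blocked_packets(packets, max_requests=3, window_seconds=2.0):
    """Return (timestamp, src, dst) for every SYN that exceeds the limit."""
    counter = SynRateCounter(max_requests, window_seconds)
    return [(ts, src, dst) for ts, src, dst, flags in packets
            if not counter.allow(ts, src, dst, flags)]
```

The counter keeps one queue per source/destination pair, so its memory grows with the number of distinct pairs it sees, whereas SYN cookies keep no per-connection state until the handshake completes.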