Hope you are doing fine.
Recently I came across a DoS-related article which is as follows
Can anyone help me Protect TCP Middlebox Reflection by F5 BIG-IP WAF?
just for clarification: I understand that you want to protect your infrastructure from being attacked with amplification attacks. The article you are referring to describes an attack scenario where vulnerable firewalls or content filtering systems are abused to reflect and amplify TCP (or UDP) traffic to a victim.
For this kind of attacks (L3/L4) you want to use a cloud-based DDoS protection such as F5 Distributed Cloud or Silverline. Additionally, you might want to consider a hybrid solution, combining a cloud-based scrubbing center with BIG-IP Advanced Firewall Manager.
F5 Advanced WAF is helpful against L7 DoS or DDoS attacks.
Btw. nice article 🙂
Hi @RockBD ,
I think F5 or WAF is vulnerable for this kind of attack , if we imagine that A " Published services " on F5 WAF is a Victim , how F5 Accept a " Syn-Ack" Packet without sending " SYN ".
- Also I want to add that F5 is a TCP session terminator in full Proxy architectures deployments , so if hacker tried to trick F5 by spoofing ips his sessions should be dropped each time from beginning.
At all , You will find very powerfull info for implementing Dos protection :
> Or send your thoughs based on your environment to mimic it with "Middlebox Reflection" .