AltostratusHi All
Hope you are doing fine.
Recently I came across a DoS-related article which is as follows
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
Can anyone help me Protect TCP Middlebox Reflection by F5 BIG-IP WAF?
MVPHi RockBD,
just for clarification: I understand that you want to protect your infrastructure from being attacked with amplification attacks. The article you are referring to describes an attack scenario where vulnerable firewalls or content filtering systems are abused to reflect and amplify TCP (or UDP) traffic to a victim.
For this kind of attacks (L3/L4) you want to use a cloud-based DDoS protection such as F5 Distributed Cloud or Silverline. Additionally, you might want to consider a hybrid solution, combining a cloud-based scrubbing center with BIG-IP Advanced Firewall Manager.
F5 Advanced WAF is helpful against L7 DoS or DDoS attacks.
Btw. nice article 🙂
KR
Daniel
AltostratusOh i forgot it is L3 DoS attack. Thanks for the reply and suggestions.
Hi RockBD ,
I think F5 or WAF is vulnerable for this kind of attack , if we imagine that A " Published services " on F5 WAF is a Victim , how F5 Accept a " Syn-Ack" Packet without sending " SYN ".
- Also I want to add that F5 is a TCP session terminator in full Proxy architectures deployments , so if hacker tried to trick F5 by spoofing ips his sessions should be dropped each time from beginning.
At all , You will find very powerfull info for implementing Dos protection :
https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-implementations-14-1-0/preventing-dos-attacks-on-applications.html
> Or send your thoughs based on your environment to mimic it with "Middlebox Reflection" .
Thanks
