Is SonicWall firewall has a solution to mitigate the new middlebox DDoS attack?

TomChou

Is SonicWall firewall has a solution to mitigate the new middlebox DDoS attack?

Firewalls and middleboxes can be weaponized for gigantic DDoS attacks

Academics discover novel DDoS attack vector abusing the TCP protocol.

Middleboxes like firewalls and DPI boxes can be abused to launch this new form of DDoS attack.

The new DDoS technique can be used to launch attacks with amplification factors in the realm of 1000x and more.

more detail: 

https://therecord.media/firewalls-and-middleboxes-can-be-weaponized-for-gigantic-ddos-attacks/

https://www.shadowserver.org/what-we-do/network-reporting/vulnerable-ddos-middlebox-report/

TKWITS

The TLDR version: In Flood Protection settings, the option 'Drop TCP SYN packets with data' should be enabled.

MitatOnge

@TomChou

In my opinion; you can use different sonicwall modes. Inspect mode is fit your toplogy.

https://www.sonicwall.com/support/knowledge-base/how-to-configure-wire-tap-mode-in-sonicos/170505532077365/