Last Modified: Jul 11, 2024
Affected Product(s):
BIG-IP AFM, Install/Upgrade
Known Affected Versions:
17.1.0, 17.1.0.1, 17.1.0.2, 17.1.0.3, 17.1.1, 17.1.1.1, 17.1.1.2, 17.1.1.3
Opened: Mar 29, 2023
Severity: 3-Major
The following log is observed in the console or /var/log/ltm logs: Logging 01071d5e:3: DOS attack data (tcp-flags-uncommon): Suspicious vector feature is not supported for tcp-flags-uncommon vector.
1. The Only Count Suspicious Events option is enabled, or the attribute suspicious is true, on the TCP Push Flood vector.
2. Upgrade to BIG-IP 17.1.0.
1. Confirm config:
   grep "suspicious true" /config/bigip.conf
2. Backup bigip.conf:
   cp /config/bigip.conf /config/bigip.conf.bak_ID1282029
3. Change affected configuration values:
   sed -i 's/suspicious true/suspicious false/g' /config/bigip.conf
4. Reload MCPD per K13030.

AFM comes back up with config loaded fine.
None