Bug ID 429985: ICMP flood vector (and other ICMP vector) attacks are not detected when virtual server is configured in Forwarding mode

Last Modified: Apr 10, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.4.1 HF2, 11.4.0 HF4

Opened: Sep 06, 2013
Severity: 3-Major
Related AskF5 Article:
K11214571

Symptoms

ICMP flood and other ICMP DoS attacks are not detected/mitigated for ICMP traffic that matches a forwarding virtual server (set to All protocols).

Impact

ICMP flood (and some other ICMP attack) may not be detected by AFM DoS when virtual server is configured in forwarding mode and protocols is set to 'All Protocols' on the virtual server. This may result in bad traffic being undetected/mitigated as configured by user for corresponding ICMP DoS vectors in AFM

Conditions

ICMP traffic matches virtual server that is configured in forwarding mode and has protocol set to 'All Protocols'

Workaround

This issue has no workaround at this time.

Fix Information

ICMP Flood Attack will now be detected by BIG-IP operating in firewall (AFM) mode for a Forwarding Virtual Server with protocol = 'All Protocols'.

Behavior Change