Bug ID 429985: ICMP flood vector (and other ICMP vector) attacks are not detected when virtual server is configured in Forwarding mode

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.4.1 HF2, 11.4.0 HF4

Opened: Sep 06, 2013

Severity: 3-Major

Related Article: K11214571

Symptoms

ICMP flood and other ICMP DoS attacks are not detected/mitigated for ICMP traffic that matches a forwarding virtual server (set to All protocols).

Impact

ICMP flood (and some other ICMP attack) may not be detected by AFM DoS when virtual server is configured in forwarding mode and protocols is set to 'All Protocols' on the virtual server. This may result in bad traffic being undetected/mitigated as configured by user for corresponding ICMP DoS vectors in AFM

Conditions

ICMP traffic matches virtual server that is configured in forwarding mode and has protocol set to 'All Protocols'

Workaround

This issue has no workaround at this time.

Fix Information

ICMP Flood Attack will now be detected by BIG-IP operating in firewall (AFM) mode for a Forwarding Virtual Server with protocol = 'All Protocols'.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips