Bug ID 463760: AFM DDoS BAD_ICMP_FRAME might be triggered in some valid cases

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM (all modules)

Known Affected Versions:
11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.6.4, 11.6.5, 12.1.0 HF1, 12.1.0 HF2, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2

Fixed In:

Opened: May 22, 2014

Severity: 4-Minor


The count for the DoS vector BAD_ICMP_FRAME might be incremented even for packets that are allowed.


The count for BAD_ICMP_FRAME might go up even for packets that we allow.


AFM DoS is provisioned and licensed. Certain ICMP types are reserved according to the RFC, but LTM allows those ICMP types to be load-balanced. AFM DoS, however, allows only ICMP types that are explicitly specified in the RFC, not the reserved types.


Set the rate limit and detection limit to higher values for BAD_ICMP_FRAME.

Fix Information

Set the rate-limit/detection-limit to higher values for BAD_ICMP_FRAME.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips