Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3
Fixed In:
12.0.0
Opened: May 22, 2014 Severity: 4-Minor
The count for the DOS vector BAD_ICMP_FRAME might be incremented even for packets that are allowed.
The count for BAD_ICMP_FRAME might go up even for packets that we allow.
AFM DoS provisioned and licensed. There are certain ICMP types which are reserved according to the RFC - but LTM allows those ICMP types to be load-balanced. However, with AFM DoS, we only allow ICMP types which are explicitly specified in the RFC and not the reserved types.
Set the rate limit and detection limit to higher values for BAD_ICMP_FRAME.
Set the rate-limit/detection-limit to higher values for BAD_ICMP_FRAME.