Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 11.6.4, 11.6.5, 126.96.36.199, 188.8.131.52, 184.108.40.206
Opened: May 22, 2014
The count for the DOS vector BAD_ICMP_FRAME might be incremented even for packets that are allowed.
The count for BAD_ICMP_FRAME might go up even for packets that we allow.
AFM DoS provisioned and licensed. There are certain ICMP types which are reserved according to the RFC - but LTM allows those ICMP types to be load-balanced. However, with AFM DoS, we only allow ICMP types which are explicitly specified in the RFC and not the reserved types.
Set the rate limit and detection limit to higher values for BAD_ICMP_FRAME.
Set the rate-limit/detection-limit to higher values for BAD_ICMP_FRAME.