Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP AFM
Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4
Fixed In:
11.6.0 HF5
Opened: Jan 10, 2015 Severity: 4-Minor
OLH does not convey the function of Any IPv4 or Any IPv6 choice in single endpoint sweep attack configuration.
When selected, the endpoint sweep attack detects only traffic "other than TCP, UDP, ICMP, or IGMP."
When one of these options is chosen, the configuration does not behave as expected and detect "any" traffic.
None
In the DoS Device Protection configuration for a Single Endpoint Sweep attack, the packet types "Any IPv4" and "Any IPv6" do not actually apply to all IPv4 and IPv6 traffic. Rather, these categories apply to any traffic other than TCP, UDP, ICMP, or IGMP. This has been clarified in the system online help.