Bug ID 500449: "Any IPv4 or IPv6" choice in sweep attack has atypical definition

Last Modified: Sep 13, 2023

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4

Fixed In:
11.6.0 HF5

Opened: Jan 10, 2015

Severity: 4-Minor

Symptoms

OLH does not convey the function of Any IPv4 or Any IPv6 choice in single endpoint sweep attack configuration.

Impact

When selected, the endpoint sweep attack detects only traffic "other than TCP, UDP, ICMP, or IGMP."

Conditions

When one of these options is chosen, the configuration does not behave as expected and detect "any" traffic.

Workaround

None

Fix Information

In the DoS Device Protection configuration for a Single Endpoint Sweep attack, the packet types "Any IPv4" and "Any IPv6" do not actually apply to all IPv4 and IPv6 traffic. Rather, these categories apply to any traffic other than TCP, UDP, ICMP, or IGMP. This has been clarified in the system online help.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips