Bug ID 632839: UDP Flood does not get detected if the vector limits are infinite

Last Modified: Jun 30, 2021

BIG-IP AFM (all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 13.1.0, 13.1.1, 13.1.3, 13.1.4

Opened: Dec 09, 2016
Severity: 2-Critical


If the UDP_flood AFM DoS vector is configured as 'infinite' for both detection-threshold-pps and default-internal-rate-limit, a UDP flood is not detected. Per-virtual-server and Sweep/Flood detection do not detect UDP_Flood either. If the values are not infinite, detection should work as expected; the default value for detection-threshold-pps is 400000.


You might expect the UDP_flood vector to be detected at the per-virtual-server and Sweep/Flood levels, but if it is configured as infinite at the global device level, it is not detected at any level.


-- Settings of 'infinite' for UDP_flood device-dos vector.
-- Running v12.1.1, 12.1.2, or 12.1.3.


To enable the system to detect UDP_Flood at the various levels, set the global device-dos level for UDP_flood to 4294967294 (1 less than MAX_UINT32). Note: With this workaround, the system still cannot detect the UDP_flood vector at the global device level, because the number is too high.
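One way to check a saved configuration for the condition described above, as an added example that is not F5 code: it reads a brace-nested config dump and reports whether both limits of the UDP flood vector are 'infinite'. The dump layout, the block name `udp-flood`, the `example-vector` block and the sample text are assumptions constructed for illustration.

```python
WORKAROUND_PPS = 4294967294  # value given in the workaround (1 less than MAX_UINT32)
KEYS = ("detection-threshold-pps", "default-internal-rate-limit")

# Constructed sample; the layout and block names are assumptions, not captured output.
SAMPLE_CONFIG = """\
security dos device-config dos-device-config {
    dos-device-vector {
        example-vector {
            default-internal-rate-limit infinite
            detection-threshold-pps 64000
        }
        udp-flood {
            default-internal-rate-limit infinite
            detection-threshold-pps infinite
        }
    }
}
"""

def vector_settings(config_text, vector="udp-flood"):
    """Return {key: value} for the two limits of the named vector block ({} if absent)."""
    settings, depth, inside = {}, 0, False
    for raw in config_text.splitlines():
        parts = raw.split()
        if not inside:
            # Block opener looks like: "<vector> {"
            if parts == [vector, "{"]:
                inside, depth = True, 1
            continue
        depth += raw.count("{") - raw.count("}")
        if depth <= 0:          # closing brace of the vector block
            break
        # Only read keys directly inside the vector block, not nested sub-blocks.
        if depth == 1 and len(parts) == 2 and parts[0] in KEYS:
            settings[parts[0]] = parts[1]
    return settings

def udp_flood_blind(config_text):
    """True when both limits are 'infinite', the condition under which detection fails."""
    s = vector_settings(config_text)
    return all(s.get(k) == "infinite" for k in KEYS)

if __name__ == "__main__":
    if udp_flood_blind(SAMPLE_CONFIG):
        print("udp-flood: both limits infinite; workaround value is", WORKAROUND_PPS)
```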

