Bug ID 724679: Non-attacking IP addresses could be logged along with attacking IP addresses when DoS detects an attack

Last Modified: Sep 11, 2019

Affected Product:
BIG-IP AFM (all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1

Fixed In:
14.1.0

Opened: Jun 19, 2018
Severity: 3-Major

Symptoms

During an attack, MySQL might log IP addresses that are not part of an attack along with the IP addresses that are part of the attack.

Impact

The system might log messages related to IP addresses that are not part of the attack. Such IP addresses may be ignored.

Conditions

This occurs when the system detects a BadEndpoint attack.

Workaround

None.

Fix Information

The system now tracks a special state that detects which Endpoints are bad, so it ignores the IP addresses that are not part of the attack.

Behavior Change