Bug ID 737597: AVR DoS Attack report misses virtual server name in a specific config

Last Modified: May 14, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP AFM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7

Fixed In:
12.1.4

Opened: Jul 19, 2018
Severity: 3-Major

Symptoms

DoS AVR Report GUI page is under: Navigate to Security :: Reporting : DoS : Network The report shows the attack, but categorizes the attack under 'Aggregated' in the Virtual Server name value, rather than the actual name of the Virtual Server on which the attack is happening.

Impact

AVR report missing the Virtual Server information.

Conditions

-- A Virtual Server is configured with a IP/Subnet range. For example, -- Virtual Server with Destination Address: 10.10.10.0/27 (meaning the destination range is 10.10.10.32 - 10.10.10.63). -- Destination Address of the Client Traffic and Attack: 10.10.10.63 View AVR Reporting, which does not resolve the to any specific Virtual Server, but instead categorizes the attack as 'Aggregate'.

Workaround

None.

Fix Information

None

Behavior Change