Bug ID 737597: AVR DoS Attack report misses virtual server name in a specific config

Last Modified: May 29, 2024

Affected Product(s):
BIG-IP AFM(all modules)

Known Affected Versions:
12.0.0, 12.0.0 HF1, 12.1.0 HF1, 12.0.0 HF2, 12.1.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.1 HF1, 12.1.1 HF2, 12.1.2 HF1, 12.1.2 HF2, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7

Fixed In:
12.1.4

Opened: Jul 19, 2018

Severity: 3-Major

Symptoms

In Security :: Reporting : DoS : Network, the report shows the attack, but categorizes the attack under 'Aggregated' in the Virtual Server name value, rather than the actual name of the Virtual Server on which the attack is happening.

Impact

AVR report missing the Virtual Server information.

Conditions

-- A Virtual Server is configured with a IP/Subnet range. For example, -- Virtual Server with Destination Address: 10.10.10.0/27 (meaning the destination range is 10.10.10.32 - 10.10.10.63). -- Destination Address of the Client Traffic and Attack: 10.10.10.63 View AVR Reporting, which does not resolve the to any specific Virtual Server, but instead categorizes the attack as 'Aggregate'.

Workaround

None.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips