Bug ID 891793: DOS attack dashboard displays statistics that don't belong to the attack

Last Modified: Mar 23, 2020

Bug Tracker

Affected Product:  See more info
BIG-IQ AppIQ(all modules)

Known Affected Versions:
6.1.0

Opened: Mar 22, 2020
Severity: 3-Major

Symptoms

DOS attack dashboard (Monitoring > DASHBOARDS > DDoS > Protection Summary:Attacks: Selected attack) may display statistics that don't belong to the attack. This can occur in the following scenarios: A. A protected object was attacked multiple times. Historical data may display statistics of separate attacks on the same protected object. B. A virtual server with the same name as the attacked virtual server, but is configured to a different device. Statistics from virtual servers that share the same name are displayed on the attack page.

Impact

Information found in the attack dashboard is incorrect and requires additional investigation measures into the protected object itself.

Conditions

Scenario A: 1. Create an attack on a protected object. 2. End the attack, wait for the attack alert to be cleared. 3. Create a new attack on the same protected object. 4. Go to the attack dashboard to view statistics Scenario B: 1. Create virtual servers with the same name on two different devices. 2. Run traffic to both virtual servers. 3. Create an attack on one virtual server. 4. Go to the attack dashboard, and check the BIG-IP Hostnames of the reported statistics.

Workaround

Ensure that protected virtual servers across your BIG-IP device network have unique names that are not duplicated.

Fix Information

None

Behavior Change