Forum Discussion
nitass_89166
Feb 20, 2015 Noctilucent
What about hosts that do not exist? We ran a vulnerability scan on subnets that sit on the F5, and we received a reply from IPs that are not on the subnet yet.
Do you have a network virtual server address with arp and icmp-echo enabled?
root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual-address 192.168.0.0 all-properties
ltm virtual-address 192.168.0.0 {
    address 192.168.0.0
    app-service none
    arp enabled
    auto-delete true
    connection-limit 0
    description none
    enabled yes
    floating enabled
    icmp-echo enabled
    inherited-traffic-group false
    mask 255.255.255.0
    metadata none
    partition Common
    route-advertisement disabled
    server-scope any
    traffic-group traffic-group-1
    unit 1
}
- pdiab_72047 Feb 20, 2015 Nimbostratus
It is actually a directly connected network and not a VIP subnet. Why would F5 in the first place reply for a host that doesn't exist on that subnet? It looks like the MAC is for the VLAN on the F5 and not the physical interface on the F5.
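The check nitass asks about above, as an added example that is not part of the original thread: a Python script that parses `list ltm virtual-address all-properties` output and reports enabled entries whose mask covers more than one address while arp or icmp-echo is not disabled. The sample listing is constructed (trimmed from the one in the post, with a made-up host entry added), and IPv4 addresses without route-domain suffixes are assumed.

```python
import ipaddress
import re

# Constructed sample: trimmed listing from the post plus a made-up /32 entry.
SAMPLE = """\
ltm virtual-address 192.168.0.0 {
    address 192.168.0.0
    arp enabled
    enabled yes
    icmp-echo enabled
    mask 255.255.255.0
}
ltm virtual-address 10.1.1.10 {
    address 10.1.1.10
    arp enabled
    enabled yes
    icmp-echo enabled
    mask 255.255.255.255
}
"""

# One block per virtual address; the body ends at a line starting with "}".
BLOCK = re.compile(r"^ltm virtual-address (\S+) \{\n(.*?)^\}", re.M | re.S)

def parse_virtual_addresses(text):
    """Return {name: {property: value}} for each virtual-address block."""
    out = {}
    for name, body in BLOCK.findall(text):
        props = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if len(parts) == 2:
                props[parts[0]] = parts[1].strip()
        out[name] = props
    return out

def network_responders(text):
    """List enabled entries that span more than one IP and answer ARP or ping."""
    findings = []
    for name, p in parse_virtual_addresses(text).items():
        net = ipaddress.ip_network(f"{p['address']}/{p['mask']}", strict=False)
        # Any value other than "disabled" is treated as able to respond.
        answers = [k for k in ("arp", "icmp-echo") if p.get(k, "disabled") != "disabled"]
        if p.get("enabled") == "yes" and net.num_addresses > 1 and answers:
            findings.append((name, str(net), net.num_addresses, answers))
    return findings

if __name__ == "__main__":
    for name, net, count, answers in network_responders(SAMPLE):
        print(f"{name}: {net} ({count} addresses) answers {', '.join(answers)}")
```

Comparing the reported ranges with the subnets in the scan report shows whether a network virtual address accounts for the unexpected replies.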