Forum Discussion

Brian_Durkin_14's avatar
Brian_Durkin_14
Icon for Nimbostratus rankNimbostratus
Nov 18, 2014

BigIP LTM is reponded ping requests for address that do not exist in our network

Our network personnel have informed my that our non-production BigIP LTM is responding to ping requests of addresses that do not exist in our network.   Question: why is the BigIP responding any ...
application delivery
cisco
LTM
nitass's avatar
nitass
Icon for Employee rankEmployee
Feb 20, 2015

what about hosts that do not exist ? We ran a vulnerability scan on subnets that sit on the F5, we received a reply from ips that are not on the subnet yet.

do you have network virtual server address with enabling arp and icmp-echo?

root@(ve11b)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual-address 192.168.0.0 all-properties
ltm virtual-address 192.168.0.0 {
    address 192.168.0.0
    app-service none
    arp enabled
    auto-delete true
    connection-limit 0
    description none
    enabled yes
    floating enabled
    icmp-echo enabled
    inherited-traffic-group false
    mask 255.255.255.0
    metadata none
    partition Common
    route-advertisement disabled
    server-scope any
    traffic-group traffic-group-1
    unit 1
}
  • pdiab_72047's avatar
    pdiab_72047
    Icon for Nimbostratus rankNimbostratus
    Feb 20, 2015
    it is actually a directly connected network and not a VIP subnet. Why would F5 in the first place reply for a host that doesnt exist on that subnet and it looks like the MAC is for the vlan on the F5 and not the physical interface on the F5