For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brandon's avatar
Brandon
Icon for Cirrostratus rankCirrostratus
Sep 22, 2014

dns Question

I have gotten reports that my Hypervisor for the F5 LTMs, management interface is talking to google dns 8.8.8.8. I have tried a few different TCP dumps and don't see where my managment interface is talking to 8.8.8.8. Is there some where in the config I can look?

 

this is on of the TCP dumps i ran

 

tcpdump -ni 0.0:nnn -s 0 host '8.8.8.8'

 

application delivery
LTM
management

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 22, 2014

    The 0.0 interface is only for tmm traffic. For the management interface, use eth0.

    tcpdump -lnni eth0 host 8.8.8.8
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Sep 22, 2014

    /etc/resolv.conf should map directly to the DNS GUI settings at System - Configuration - Device - DNS. Was there any mention of what it was trying to query?

     

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Sep 22, 2014

    Hi Brandon,

     

    If you can also ask the person(s) who reported it to you of exactly that they saw in their logs that identified the F5 as the culprit.