For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SamFok's avatar
SamFok
Icon for Altostratus rankAltostratus
Apr 20, 2020

Fail to access DVWA which is behind F5 LTM

hi Team,   Step 1. Tried to setup the DVWA docker accordingly to below link: https://github.com/ethicalhack3r/DVWA docker run --rm -it -p 80:80 vulnerables/web-dvwa   When access the DVWA ...
application delivery
BIG-IP
LTM
SamFok's avatar
SamFok
Icon for Altostratus rankAltostratus
Apr 21, 2020

Thanks Martin,

 

It may due to the F5 LTM is deployed as Single Nic in the GCP, where:

 

10.1.1.14: LTM IP (single nic)

10.1.1.15: DVWA IP

XX.XX.XX.XX: masked public ip from my computer

 

Capture the said tcp dump as attached, and in the last few entries,

 

------------------------------------------------

10:25:00.492238 IP 10.1.1.14.43358 > 10.1.1.15.80: Flags [F.], seq 10, ack 2, win 222, options [nop,nop,TS val 1013071 ecr 2516564255], length 0 in slot1/tmm0 lis= flowtype=66 flowid=5

600019C9C40 peerid=5600019C9D40 conflags=24000E26 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:0000FFFF:0A01010F peerlocal=00000000:00000000:0000FFFF:0A01010E r

emoteport=80 localport=43358 proto=6 vlan=4094

 

10:25:00.492248 IP 10.1.1.14.43358 > 10.1.1.15.80: Flags [F.], seq 1908046924, ack 2, win 222, options [nop,nop,TS val 2592968267 ecr 2516564255], length 0 out slot1/tmm0 lis= flowtype

=130 flowid=5600019C9D40 peerid=5600019C9C40 conflags=4000E26 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:0000FFFF:0A01010E peerlocal=00000000:00000000:0000FFF

F:0A01010F remoteport=43358 localport=80 proto=6 vlan=4094

 

10:25:00.492398 IP 10.1.1.15.80 > 10.1.1.14.43358: Flags [.], ack 1908046925, win 1018, options [nop,nop,TS val 2516564255 ecr 2592968267], length 0 in slot1/tmm0 lis= flowtype=130 flo

wid=5600019C9D40 peerid=5600019C9C40 conflags=4000E26 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:0000FFFF:0A01010E peerlocal=00000000:00000000:0000FFFF:0A0101

0F remoteport=43358 localport=80 proto=6 vlan=4094

 

10:25:00.492407 IP 10.1.1.15.80 > 10.1.1.14.43358: Flags [.], ack 11, win 1018, options [nop,nop,TS val 2516564255 ecr 1013071], length 0 out slot1/tmm0 lis= flowtype=66 flowid=5600019

C9C40 peerid=5600019C9D40 conflags=24000E26 inslot=63 inport=23 haunit=0 priority=0 peerremote=00000000:00000000:0000FFFF:0A01010F peerlocal=00000000:00000000:0000FFFF:0A01010E remotep

ort=80 localport=43358 proto=6 vlan=4094

------------------------------------------------

 

it does see back and forth communication between the LTM and DVWA servers.

Any comment? thx.

 

Br,

Sam Fok