Forum Discussion

Nimbostratus

Apr 09, 2018

Vulnerability scan lists all ip's and port as open

Vulnerability scan on subnets behind F5 lists all ip's and ports as open. We use the Big ip as LTM currently running 13.1.0.2. Security team started seeing these results right around when we upgraded...

application delivery

LTM

Markie_Parkie_1

Nimbostratus

Guessing you have only the one port set on the forwarding VS that the clients are configured to go to and you are using explicit proxy?

jba3126

Cirrostratus

Jan 09, 2019

Markie Parkie, This was/is a wildcard VS so it listens for all IPs/Ports. We had this same setting on our 3900s with no issues; however when we went to vCMP Guests on i5800s we started seeing these issues. Above describes the article we used to resolve this. The only caveat is to watch for this issue to crop up after upgrades.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Vulnerability scan lists all ip's and port as open

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

OWASP Automated Threats - OAT-014 Vulnerability Scanning

A Single IP is Scanning Intensely, and Yields a List of Malware Loaders

Continued Intense Scanning From One IP in Lithuania

Coordinated Vulnerability Disclosure: A Balanced Approach

The sooner the better: Web App Scanning Without Internet Exposure

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS