As a former developer, I have a special appreciation for vulnerabilities. Putting out code for 25 years means that sooner or later someone is going to hack through a bug or oversight in the collective bits. It’s happened to me more than once (but not lately, thank goodness). Consequently, when a particularly gruesome exploit is announced, I feel an instinctual sympathy for the developers of the hacked system. The sympathetic response goes like this: the shoulders raise forward, the gut tightens, the mouth grimaces and you say “Eeeewwww.”
Last month one of those cringe-worthy vulnerabilities was announced from the Microsoft Windows team. Microsoft Knowledge Base article VU#951982 describes an exploit where a specially-crafted UDP packet, repeatedly sent to a port that the Windows kernel is not listening on, can eventually crash the system and allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. This is a ugly vulnerability, and my heart goes out to everyone involved in the Windows network stack.
It’s especially cringe-worthy because the system is vulnerable right out of the box so as a system administrator you don’t have to commit a sin to make your system vulnerable, it just IS.
Unless that system is behind a BIG-IP LTM, of course.
Being based on virtual servers, BIG-IP LTM discards any packets that don’t match a virtual server destination address and port. So of course you won’t get random UDP packets hitting your servers. This is yet another case of BIG-IP acting as a de-facto firewall by the very virtue of its default-deny security posture. This is a native behavior; LTM protects you right out of the box, no iRules necessary for this one. Though if you are looking for security iRules, here’s a link to a bunch. Sample iRules : Security.