Forum Discussion
hooleylist
Oct 05, 2012
Cirrostratus
Hi Hung,
If you suspect that your BIG-IP was compromised, I would do as WLB suggested and prevent any access to HTTPS and SSH from untrusted networks. It's then critical to reinstall the OS on all partitions to ensure the units are no longer suspect. If you have a known good UCS backup from before the attack, you can restore the configuration from there. Else, you could save the current config and load select portions (bigip.conf/bigip_base.conf) after reinstalling the OS and hand-checking that the config is still valid.
Make sure that after you reinstall, you either upgrade to a current version or manually protect the units per:
SOL13600 - SSH vulnerability CVE-2012-1493
https://support.f5.com/kb/en-us/solutions/public/13000/600/sol13600.html
Aaron