Forum Discussion

biglouie_9849's avatar
biglouie_9849
Icon for Nimbostratus rankNimbostratus
Oct 11, 2012

F5 LCD displaying "Blocking DOS attack"

Not sure if I'm posting this in the correct forum, apologies if not.

 

 

We have an Active/Standby cluster of 2 F5 Bigip 1600's running 9.4.7.

 

 

Recently we noticed the Standby F5 is displaying the following error on its LCD display:

 

 

"Critical: 9d Blocking Dos Attack"

 

 

[I'm assuming "9d" refers to 9 days because the number increases each day].

 

 

Is there anything I could or should be doing about this? I'm assuming this just means its doing its job and blocking a denial of service attack, however if I log into the web interface of the device there is nothing in the logs to indicate there is anything going on [I cant find any reference to a Dos attack].

 

The Active cluster member isn't displaying any errors [so I guess its targeted at the local IP address of the external interface of the Standby member?]

 

Should we just wait this out or can something be done about it? As far as I can tell its not affecting our network in any way [although we are having a weird problem with the VPN tunnels on our firewall cluster, but I think thats a coincidence].

 

 

Thanks in advance

 

app sec
BIG-IP Access Policy Manager (APM)
security

16 Replies

Sort By
Show More
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 18, 2012
    The 'configuration reload' message is normal. I assume there's no error being displayed (that can be cleared/acknowledged) on the LCD? If not, I assume this is a bug. What version are you running?

     

     

    It might be worth checking memory levels and actually checking connection levels to ensure there isn't a real issue.
  • biglouie_9849's avatar
    biglouie_9849
    Icon for Nimbostratus rankNimbostratus
    Oct 18, 2012
    The version is "BIG-IP 9.4.7 Build 320.1 Final". The LCD is not displaying any errors, just displaying statistics about memory, etc.

     

     

    The System memory shows: Host total=3.4G, Host Used=3.3G, TMM Total=2.7G, TMM Used=45.1M

     

     

    Active connections is steady at around 1.25k.
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Oct 18, 2012
    Looks OK. Perhaps try this: http://support.f5.com/kb/en-us/solutions/public/11000/000/sol11094.htmlclearalarm
  • biglouie_9849's avatar
    biglouie_9849
    Icon for Nimbostratus rankNimbostratus
    Oct 18, 2012
    I tried that advice however the problem remained, I then found http://support.f5.com/kb/en-us/solutions/public/5000/400/sol5486.html

     

    which advised using the clearlcd_warning command, which worked! The alarm is now cleared.

     

     

    Thanks for your help.
  • otuna_245449's avatar
    otuna_245449
    Icon for Nimbostratus rankNimbostratus
    Jan 20, 2016

    Question:

     

    My customer wonders as to whether or not this message "Blocking DOS attack" is being logged somewhere (either in local logging on F5 LB or in remote/system logging, if set up).

     

    Could you please respond by tomorrow at latest ? Thanks