F5 Self IPs are making ping scan with a huge concern Index as per Lancop report - Ping_Scan

Question

Hi,
I have multiple VLANs in LTM, as per the security team  that F5 Self IPs are making ping scan with a huge concern Index as per Lancop report, example below :
5/19/2014 23:59Catch All10.2.1.810.15.4.0/2411819592Ping_Scan(23592)
5/19/2014 23:59Catch All10.2.1.910.15.4.0/2411104164Ping_Scan(22164)&nbsp;
Can u please advice what is this behavior? and Is it normal ?&nbsp;
Regards,
Kasem&nbsp;

cory_50405 · Answer

They could be misinterpreting ICMP type health monitors as ping scans. These health monitors would source from your non-floating self IP addresses. Do you have any pools using ICMP type monitoring?

what_lies_bene1 · Answer

Nodes also use the ICMP health monitor by default.&nbsp;

kasem_badwi_144 · Answer

yes I am monitoring using the ICMP type, all-most all pools using ICMP monitoring pool.

cory_50405 · Answer

Then it sounds like you have legitimate ICMP traffic, as long as it's sourcing from the non-floating self IP address on your LTM.

Forum Discussion

F5 Self IPs are making ping scan with a huge concern Index as per Lancop report - Ping_Scan

4 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Making EKS Anywhere Highly Available and Secure

Making Mobile SDK Integration Ridiculously Easy with F5 XC Mobile SDK Integrator

Making WAF Simple: Introducing the OWASP Compliance Dashboard

Zero Trust - Making use of a Powerful Identity Aware Proxy (Hands on lab)

How to make DNS resolutions in an HTTP request event work FOR you, not against you