For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

malikjengineer_'s avatar
malikjengineer_
Icon for Nimbostratus rankNimbostratus
Nov 17, 2017

ASM detected possible Detection Evasion and HTTP Command injection in traffic

detected possible Detection Evasion and HTTP Command injection in traffic sourcing from hosts destined for F5 VIPs via port http 80. no indication of activity being blocked/denied.   Is this a Ap...
application delivery
ASM Advanced WAF
LTM
security
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
Nov 18, 2017

Those are part of your ASM security policy. Whether or not it was blocked would be based on your settings. You can read more about attack signatures and evasion settings here:

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/26.html

 

or here:

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.pdf

 

Basically ASM is reporting that someone tried to attack your web infrastructure and tried to do it in such a way that they would slip past a web application firewall. Normally this is done by encoding a string multiple times.