Forum Discussion

malikjengineer_'s avatar
malikjengineer_
Icon for Nimbostratus rankNimbostratus
8 years ago

ASM detected possible Detection Evasion and HTTP Command injection in traffic

detected possible Detection Evasion and HTTP Command injection in traffic sourcing from hosts destined for F5 VIPs via port http 80. no indication of activity being blocked/denied.   Is this a Ap...
application delivery
ASM Advanced WAF
LTM
security
Chris_Grant's avatar
Chris_Grant
Icon for Employee rankEmployee
8 years ago

Those are part of your ASM security policy. Whether or not it was blocked would be based on your settings. You can read more about attack signatures and evasion settings here:

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-0-0/26.html

 

or here:

 

https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.pdf

 

Basically ASM is reporting that someone tried to attack your web infrastructure and tried to do it in such a way that they would slip past a web application firewall. Normally this is done by encoding a string multiple times.