Forum Discussion

Mike_Maher's avatar
Mike_Maher
Icon for Nimbostratus rankNimbostratus
Mar 01, 2012

Modified ASM Domain Cookie block in v11.1

Has anyone noticed that after upgrading to v11.1 that they are seeing Modified ASM Domain Cookie blocks where they were not seeing them before. I recently upgraded a box from 10.2.0 HF2 and I am doin...
app sec
BIG-IP Access Policy Manager (APM)
security
BT_90520's avatar
BT_90520
Icon for Nimbostratus rankNimbostratus
Mar 03, 2012
Rather different though all revolving ASM cookie.

 

 

Modified ASM Cookie - This tampering of ASM Main or Frame Cookie or their structure. See http://support.f5.com/kb/en-us/solutions/public/7000/000/sol7011.html?sr=19803122

 

 

ASM Cookie Hijacking - Happened when ASM Frame cookie and an ASM Main cookie that were generated with different MD5 digest keys. Prior to 10.1.0, it is known as "Wrong message key". See http://support.f5.com/kb/en-us/solutions/public/9000/500/sol9584.html?sr=19803134

 

 

Modified Domain Cookie - Mainly happened when ASM detected tampering of Web Server's Domain cookie. But there would be many other possible reasons too. See http://support.f5.com/kb/en-us/solutions/public/5000/900/sol5907.html

 

 

Suspecting it would be anyone whom is the culprit