Jun 30, 2011

Activity triggering a generic buffer overflow attack signature




We have development occurring on a web application that is protected by an ASM policy. We are seeing two of the generic buffer overflow attack signatures being triggered during testing, so I have two questions:



Is there any way to see what an attack signature is matching against to see why it is being triggered?



Are buffer overflows triggered by some other setting (max length of string set somewhere for example)?



Any other clues about how I can troubleshoot this would be appreciated.





  • Hi Ian,



    Never say never :)





  • Also, in ~10.1 you can view the details of the full request info for the attack signature violation to (sometimes?) get a snippet of the matched string. But getting access to the full attack sig via MySQL should let you test this fully.



  • Hi Aaron,



    Thanks for the info. I will take a look at the MySQL and see what I can see. Not at 10 yet on the main systems, so will wait for that improvement. Hope all is well with you and yours,





  • Oye... upgrade already! :) 9.4.x is going out of support and there have been *a lot* of improvements for ASM and LTM in v10. 10.2.x has been very stable and performant.