It's not the Network! Ok, maybe it's the network...

Jason Rahm

Subscribe to Jason Rahm: eMailAlertsEmail Alerts
Get Jason Rahm via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Jason Rahm

F5er and DevCentral member natty76 wrote a few iRules a while back on interactive TLS session starting on the SMTP, IMAP, and POP3 protocols. A lot of the iRules can be understood from a flow perspective by reading the iRule top to bottom. This is not the case for these iRules. In this article, I’ll break down the SMTP communication context for the BIG-IP as middleman between client and server. I’ve saved the iRule as an image below so I reference line numbers as I go. The SMTP iRule as well as the IMAP and POP3 iRules are available in the iRules Codeshare.   Before digging into the iRule, the usage example in section six of RFC 2487 is illustrated in the drawing below with the steps from our description to follow highlighted on each leg of the protocol exchange.   The iRule The process starts with the standard TCP 3-way handshake, which results in the CLIENT_AC... (more)

The ABCs of NSM - V is for Vim

Welcome back for another episode of the ABC's of NSM.  What's NSM you say?  We'll go with Network and System Management, but you could throw Security in there as well.  We'll work our way through the alphabet over  the next several weeks looking at  tools and concepts along the way for all the administrators out there.   By the way, you can thank Joe for the format & Don for the title  (I  couldn't for the life of me come up with one.) Today's letter V is for Vim. Vim is a cross-platform console and GUI text editor that is backwards compatible with the unix shell vi, from which it... (more)

Announcing PyControl v2!

At long last, we’re happy to announce pycontrol, version 2! This version is a complete re-write of the original, with many improvements. Over the next several weeks keep an eye out for more samples posted to code share as well as tutorials, both in tech-tip and screen cast form.  Here are a few feature highlights: Attribute-driven for easy introspection of iControl methods. Optional single-file install. No longer requires root access. Just drop pycontrol.py somewhere you'll remember and add it to sys.path, or drop it onto sys.path itself. On-box WSDL or remote-fetch. This means ... (more)

Live from Microsoft Tech Ed: Final Day

So I guess I’m on the even days plan here at Tech Ed, today being the fourth and final day of Tech Ed…  Yesterday I got the chance to walk around the exhibitor hall and take a look at the exciting offerings on the floor.  Microsoft had three very large sections with breakout booths for all their product offerings.  I stopped and chatted with a few experts in the Server 2008 R2 virtualization offerings, and watched a couple System Center demos as well.  Speaking of System Center, did you know F5 has a management pack for System Center?  I talked to several booth visitors yesterday... (more)

Let iRules Work Around that ASP.NET Padding Oracle Attack

Microsoft released advisory 2416728 on Friday after researchers Thai Duong and Juliano Rizzo demonstrated the attack on ASP.NET with their Padding Oracle Exploit Tool.  The attack itself preys on a bug in ASP.NET’s AES implementation, which you can read about over here at threatpost.  So what’s the reward for a successful attack?  It’s not going to allow the attacker to execute code or elevate rights, but it does all the attacker to read potentially sensitive data that could then be further used to compromise the system. The mitigation for this attack is to obfuscate the server ... (more)