It's not the Network! Ok, maybe it's the network...

Jason Rahm

Subscribe to Jason Rahm: eMailAlertsEmail Alerts
Get Jason Rahm via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Top Stories by Jason Rahm

So I guess I’m on the even days plan here at Tech Ed, today being the fourth and final day of Tech Ed…  Yesterday I got the chance to walk around the exhibitor hall and take a look at the exciting offerings on the floor.  Microsoft had three very large sections with breakout booths for all their product offerings.  I stopped and chatted with a few experts in the Server 2008 R2 virtualization offerings, and watched a couple System Center demos as well.  Speaking of System Center, did you know F5 has a management pack for System Center?  I talked to several booth visitors yesterday who own System Center and F5 BIG-IP that had no idea…they left the booth pretty excited.  I also talked to some Exchange 2010 guys about the and they spoke very highly on our solution. Do you like free?  I walked by the NetWrix booth and 10 Free Tools for IT Professionals screamed out to m... (more)

Let iRules Work Around that ASP.NET Padding Oracle Attack

Microsoft released advisory 2416728 on Friday after researchers Thai Duong and Juliano Rizzo demonstrated the attack on ASP.NET with their Padding Oracle Exploit Tool.  The attack itself preys on a bug in ASP.NET’s AES implementation, which you can read about over here at threatpost.  So what’s the reward for a successful attack?  It’s not going to allow the attacker to execute code or elevate rights, but it does all the attacker to read potentially sensitive data that could then be further used to compromise the system. The mitigation for this attack is to obfuscate the server ... (more)

DNS Services Architecture

F5 has been in the DNS business for quite some time, beginning with the 3-DNS GSLB product introduced in 1998. While steadily growing the GSLB market through product advances, the platform is incredibly feature rich now, offering far more than GSLB services. Some of the other services added over the years (articles written on services in parentheses): Standard name services via BIND, as a fallback or as primary domain auth Local SLB for DNS DNSSEC (Configuring GTM’s DNS Security Extensions) Quova geolocation data (New Geolocation Capabilities, Heatmaps) DNS Express (DNS Express ... (more)

v11.1–Add Signatures or Checksums to iRules via an iApp

iApps, introduced in v11, have a primary function in controlling the object creation and management for an application delivered by BIG-IP. As discussed previously, however, anything that can be accomplished in TMSH can be done in an iApp, so what better way to quickly generate checksums on iRules than via an iApp. New in v11.1, you can add either a checksum or a digital signature to an iRule (but not both). For iRules that have been signed or had a checksum applied, there will be a line immediately following the final line of code (the last closing curly brace): #Checksum defi... (more)

Mitigate Java Vulnerability with iRules

I got a request yesterday morning to asking if there was a way to drop HTTP requests if a certain number was referenced in the Accept-Language header.  The user referenced this post on Exploring Binary.  The number, 2.2250738585072012e-308, causes the Java runtime and compiler to go into an infinite loop when converting it to double-precision binary floating-point.  Not good.  Twitter is ablaze on the issue, and there is a good discussion thread on Hacker News as well.  So how do you stop it?  At first, this appeared to be a no-brainer, just copy that string and drop if found in that... (more)