F5 K000119092 User Manual

K000119092: Overview of the attack signature Systems and Attack Type fields

https://my.f5.com/manage/s/article/K000119092

Published Date: Aug 12, 2011 UTC Updated Date: Feb 21, 2023 UTC

Topic

When a policy is first created, a generic attack signature set is associated with the Generic Detection Signatures policy. This generic attack signature set consists of three types of signature filters called systems:

General Database

Various systems

All systems

The intent of the generic attack signature set is to provide protection against attacks that target the most common database, application, and operating systems. The BIG-IP ASM system allows the configuration and addition of custom user attack signatures.

Note: For information about configuring custom or additional attack signatures, refer to the Configuration Guide for BIG-IP Application Security Manager. For information about how to locate F5 product manuals, refer to K12453464: Finding product documentation on AskF5.

The BIG-IP ASM attack signatures are categorized by two basic fields: Systems and Attack Type.

Systems

The Systems field is used to identify which type of systems/applications the attack signature encompasses. For more information, refer to the following table:

Note: Not all Systems are present on all versions of the BIG-IP ASM system.

| Systems | Description |
| --- | --- |
| Various Systems | Specific to certain systems/applications not defined within All Systems. Some general attacks that are not dependent on a particular system or code version. |
| All Systems | All systems covers a wide range of general attacks that run on multiple systems/applications. |
| Outlook Web Access | Attacks specific to Microsoft Outlook Web Access |
| Microsoft Windows | Attacks specific to Microsoft Windows family |
| IIS | Attacks that are specific to Microsoft IIS |
| WebDAV | Attacks that are specific to WebDAV |
| ASP | Attacks that are specific to Microsoft ASP |
| PHP | Attacks that are specific to PHP |
| Java Servlets/JSP | Attacks that are specific to Java Servlets and Java Server Pages (JSP) |
| Macromedia ColdFusion | Attacks that are specific to Macromedia ColdFusion |
| Novell | Attacks that are specific to Novell |
| Cisco | Attacks that are specific to Cisco |
| Apache/NCSA HTTP Server | Attacks that are specific to Apache/NCSA HTTP Server |
| Microsoft SQL Server | Attacks that are specific to Microsoft SQL Server |
| MySQL | Attacks that are specific to the MySQL database |
| Oracle | Attacks that are specific to the Oracle database |
| Unix/Linux | Attacks that are specific to Unix/Linux |
| CGI | Attacks that are specific to CGI scripting and implementation |
| Macromedia JRun | Attacks that are specific to Macromedia JRun |
| Front Page Server Extensions FPSE | Attacks that are specific to Front Page Server Extensions FPSE |
| ASP.NET | Attacks that are specific to ASP on the .NET platform |
| Other Web Servers | Attacks that are specific to other less common but still used web servers |
| Apache Tomcat | Attacks that are specific to the Apache Tomcat web server |
| BEA Systems WebLogic Server | Attacks that are specific to the BEA Systems WebLogic Server |
| SSI (Server Side Includes) | Attacks that are specific to SSI (Server Side Includes) |
| XML | Attacks that are specific to XML |
| IBM DB2 | Attacks that are specific to IBM DB2 |
| Sybase/ASE | Attacks that are specific to Sybase/ASE |
| PostgreSQL | Attacks that are specific to PostgreSQL |
| IBM DB2 | Attacks that are specific to IBM DB2 |
| System Independent | Attacks that are not limited to a specific system |
| Lotus Domino | Attacks that are specific to Lotus Domino |
| Proxy Servers | Attacks that are specific to various proxy servers |

Attack Types

Note: Not all attack types are associated with a system. Some systems will only contain a small subset of attack types pertaining to known exploits that are unique to that system.

The Attack Type field is used to specify a particular area within the system/application that the signature specifically filters. For more information, refer to the following table:

| Attack Type | Description |
| --- | --- |
| Buffer overflow | Buffer overflow exploits are attacks that alter the flow of an application by overwriting parts of memory. |

Automatic directory listing/indexing is a web server function that lists all of
