Forum Discussion
kargyrides_1348
Nimbostratus
NimbostratusF5® BIG-IP® Global Delivery Intelligence - Capabilities
Hi,
I would like to know if the ONLY way for a BIG-IP ASM to protect from Malicious IPs, Phishing URLs, Anonymous Proxies and TOR IPs is by incorporating the F5® BIG-IP® Global Delivery Intelligence ...
Michael_Koyfman
Cirrocumulus
CirrocumulusLeveraging our IP Intelligence subscription service is the best way to protect against those threats. You could try other approaches, but none will be as scalable and efficient as leveraging F5's own IPI service. It does not have to be used in conjunction with ASM, it can be used via iRules with LTM, and also can be leveraged with AFM(Network Firewall).
Would like for you to expand on the second question so that we can give you a more precise answer.
kargyrides_1348Regarding the second question I consider that the answer is probably "No" but since a customer is asking I would like to be sure about the answer. More specifically, the customer is a Telecommunication Provider located in Serbia and his question is if F5 provides a functionality that can block: 1) Malicious IPs, TOR IPs, Anonymous Proxies ---->This is the Part1 of the question and I believe that the best answer is F5's IPI service 2) IPs (attacker's IPs) that are known for attacking Serbian Telecommunication Providers ---> This is the Part 2 of the question. To be more specific, I would like to know if there is a live feed for the F5's IPI that focuses on Attacker's IPs that are attacking to known Serbian Telecommunication providers. Thanks.- Michael_KoyfmanWe don't have a feed that contains intelligence about attacks on specific providers, but you can easily craft a rule that leverages both IPI and potentially other custom-crafted/maintained data to make the access decision. There is also Geo-IP information available on the device, so it is pretty effective to use combination of both Geo-IP data(https://clouddocs.f5.com/api/irules/whereis.html) as IPI to protect against those threats.
