Forum Discussion
Michael_Koyfman
Oct 04, 2013Cirrocumulus
Leveraging our IP Intelligence subscription service is the best way to protect against those threats. You could try other approaches, but none will be as scalable and efficient as leveraging F5's own IPI service. It does not have to be used in conjunction with ASM, it can be used via iRules with LTM, and also can be leveraged with AFM(Network Firewall).
Would like for you to expand on the second question so that we can give you a more precise answer.
- kargyrides_1348Oct 04, 2013NimbostratusRegarding the second question I consider that the answer is probably "No" but since a customer is asking I would like to be sure about the answer. More specifically, the customer is a Telecommunication Provider located in Serbia and his question is if F5 provides a functionality that can block: 1) Malicious IPs, TOR IPs, Anonymous Proxies ---->This is the Part1 of the question and I believe that the best answer is F5's IPI service 2) IPs (attacker's IPs) that are known for attacking Serbian Telecommunication Providers ---> This is the Part 2 of the question. To be more specific, I would like to know if there is a live feed for the F5's IPI that focuses on Attacker's IPs that are attacking to known Serbian Telecommunication providers. Thanks.
- Michael_KoyfmanOct 07, 2013CirrocumulusWe don't have a feed that contains intelligence about attacks on specific providers, but you can easily craft a rule that leverages both IPI and potentially other custom-crafted/maintained data to make the access decision. There is also Geo-IP information available on the device, so it is pretty effective to use combination of both Geo-IP data(https://clouddocs.f5.com/api/irules/whereis.html) as IPI to protect against those threats.