Forum Discussion

Nimbostratus

Oct 31, 2017

Sysscan Scanner Request

Got a complaint from our boss about a web attack that was blocked by symantec IPS but wasn't blocked by ASM. Checked the specific policy and as far as I know all possible scan/scanner signatures (16 ...

ASM Advanced WAF

security

samstep

Cirrocumulus

Feb 04, 2018

Sysscan/masscan is a very fast TCP port scanner not a URL scanner, hence ASM is not capable of detecting it, but it is already protecting your websites because what F5 is very good at is dropping packets on ports it is not listening on. If sysscans does hit ports 80/443 then F5 LTM will simply reset the connection without any impact on the backend application. You can tell your boss to relax as this was not a web attack, buct a port scanner. Pretty simple to block on the upstream network firewall as well..

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Sysscan Scanner Request

F5 Academies Are Back – And We’re Coming to a City Near You

Introducing the F5 Application Study Tool (AST)

Recent Discussions

Replace stream if condition is met

Best practice for network communication with LDAP server

Mutual TSL Between Two BigIPs

Question regarding F5 Viprion Configuration Migration to VE.

Big-Ip Edge Client specials characters problems

Related Content

BotPoke Scanner Switches IP

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Logging DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS