F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

veredgf_96123's avatar
veredgf_96123
Icon for Nimbostratus rankNimbostratus
Oct 30, 2017

Sysscan Scanner Request

Got a complaint from our boss about a web attack that was blocked by symantec IPS but wasn't blocked by ASM. Checked the specific policy and as far as I know all possible scan/scanner signatures (16 ...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Feb 03, 2018

Sysscan/masscan is a very fast TCP port scanner not a URL scanner, hence ASM is not capable of detecting it, but it is already protecting your websites because what F5 is very good at is dropping packets on ports it is not listening on. If sysscans does hit ports 80/443 then F5 LTM will simply reset the connection without any impact on the backend application. You can tell your boss to relax as this was not a web attack, buct a port scanner. Pretty simple to block on the upstream network firewall as well..