Forum Discussion

Nimbostratus

8 years ago

Sysscan Scanner Request

Got a complaint from our boss about a web attack that was blocked by symantec IPS but wasn't blocked by ASM. Checked the specific policy and as far as I know all possible scan/scanner signatures (16 ...

ASM Advanced WAF

security

samstep

Cirrocumulus

8 years ago

Sysscan/masscan is a very fast TCP port scanner not a URL scanner, hence ASM is not capable of detecting it, but it is already protecting your websites because what F5 is very good at is dropping packets on ports it is not listening on. If sysscans does hit ports 80/443 then F5 LTM will simply reset the connection without any impact on the backend application. You can tell your boss to relax as this was not a web attack, buct a port scanner. Pretty simple to block on the upstream network firewall as well..

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Sysscan Scanner Request

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

How to Verify config before loading to F5

Logical Disk Full to Migrate rSeries

HSL - Local TimeZone - in syslog server

VIP control across data centers - how to ensure only 1 VIP is up at a time?

Related Content

BotPoke Scanner Switches IP

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

Nessus 6 XSLT Conversion for ASM Generic Scanner Import

Reviewing vulnerability scanner results for an APM protected Virtual Server - part two

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS