DDoS IPI List - Whitelist Update Domains
Problem this snippet solves: Legitimate IP address ranges and Domain Names of valid update servers. Additional info can be found: https://github.com/c2theg/DDoS_lists How to use this snippet: Add to IPI feeds. Security >> Network Firewall >> IP Intelligence : Feed Lists Create new list: DDoS_Feeds Add rule. Give a good name, IE: whitelist_update_servers List Type: whitelist Update frequency: 3600 Default Blacklist Category: (Create new one) Whitelisted_Source Admin / Password: <Leave Blank> Tested this on version: 13.0DDoS IPI List - Whitelist NTP Servers
Problem this snippet solves: Legitimate IP address ranges of valid NTP Servers. Additional info can be found: https://github.com/c2theg/DDoS_lists How to use this snippet: Add to IPI feeds. Security >> Network Firewall >> IP Intelligence : Feed Lists Create new list: DDoS_Feeds Add rule. Give a good name, IE: whitelist_ntp_servers List Type: whitelist Update frequency: 3600 Default Blacklist Category: (Create new one) Whitelisted_Source Admin / Password: <Leave Blank> Tested this on version: 13.0DDoS IPI List - Whitelist DNS Servers
Problem this snippet solves: Legitimate IP address ranges of valid DNS Servers Additional info can be found: https://github.com/c2theg/DDoS_lists How to use this snippet: Add to IPI feeds. Security >> Network Firewall >> IP Intelligence : Feed Lists Create new list: DDoS_Feeds Add rule. Give a good name, IE: whitelist_dns_servers List Type: whitelist Update frequency: 3600 Default Blacklist Category: (Create new one) Whitelisted_Source Admin / Password: <Leave Blank> Tested this on version: 13.0DDoS IPI List - Bogons
Problem this snippet solves: Bogon IP address ranges to block traffic from Additional info can be found: https://github.com/c2theg/DDoS_lists How to use this snippet: Add to IPI feeds. Security >> Network Firewall >> IP Intelligence : Feed Lists Create new list: DDoS_Feeds Add rule. Give a good name, IE: blacklist_bogon List Type: blacklist Update frequency: 432000 Default Blacklist Category: (Create new one) Blacklisted_Source Admin / Password: <Leave Blank> Tested this on version: 13.0
Simple GTM Domain Generation Algorithm dynamic blacklist
Problem this snippet solves: Simple GTM DGA dynamic blacklist used to reduce load on backend DNS servers. This iRule should be applied to GTM listener. Here are a list of all the configurable options: static::debug - enable/disable verbose logging to /var/log/ltm static::timeout - blacklist timeout static::threshold - threshold to enable dns blacklisting of a domain You need to set timeout and threshold according to your needs before enabling this irule. Code : when RULE_INIT { set static::debug 0 set static::timeout 60 set static::threshold 10 } when DNS_REQUEST { regexp {([-A-Z,a-z,0-9]+.[-A-Z,a-z,0-9]+)$} [DNS::question name] domain set count [table lookup ddbl_$domain] if { $count >= $static::threshold} { if { $static::debug } { log local0. "\[DDBL\] Dropping question [DNS::question name], $domain is on dynamic dns blacklist" } table timeout ddbl_$domain $static::timeout DNS::drop } } when DNS_RESPONSE { if { [DNS::ptype] == "NXDOMAIN" } { set count [ table incr ddbl_$domain ] table timeout ddbl_$domain $static::timeout if { $static::debug } { log local0. "\[DDBL\] NXDOMAIN HIT [DNS::question name], hitcount is $count, threshold is $static::threshold" } } } Tested this on version: 11.6