BIG IP 13.X How to prevent an answer on port scanning

Question

Hi,&nbsp;Actually, I have one 2 VS. One listening on port 80 with an LTM policy to redirect the traffic on the second VS listening on port 443. I'm looking for a solution to prevent the F5 to answer on port 80 to tcp connexion coming from a scan tool.&nbsp;Thanks

sanjayp · Answer

You can attach iRule to HTTP VIP to reject the traffic coming from the scanning tool. Using data-groupwhen CLIENT_ACCEPTED {
 if { [class match [IP::client_addr] equals scanner_ip] } {
     reject
       } else {
	 return  
	   }
    }Using IP-address within the iRulewhen CLIENT_ACCEPTED {
  if { [IP::addr [IP::client_addr] equals &lt;scannerip&gt; ] } {
     reject
       } else {
	 return  
	   }
    }

joyride_us · Answer

You can redirect the request from port 80 to port 443.( HTTP::redirect ...)

egrebeld · Answer

This way do not prevent the F5 to answer on port scanning&nbsp;

egrebeld · Answer

In this case, how the F5 knows that this a legitimate request and not a port scan ?

sanjayp · Answer

well, you need to explicitly add IP addresses of scanning tool in the data group "scannerip" or define in the iRule itself.

Forum Discussion

BIG IP 13.X How to prevent an answer on port scanning

6 Replies

Recent Discussions

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

ASM instance creation

Can iRule mask the payload content on event logs of security

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

F5Access | MacOS Sonoma

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

OWASP Automated Threats - OAT-014 Vulnerability Scanning

Operationlizing Online Fraud Detection, Prevention, and Response

Advanced iRules: Scan

Advanced iRules: Binary Scan