This section discusses the types of IP reputation supported by the NSX Advanced Load Balancer.
This feature works only if you have the NSX Advanced Load Balancer Enterprise License for Cloud Services.
An IP reputation service identifies and categorizes IP addresses based on the threats associated with them. IP reputation is supported through NSX Advanced Load Balancer Cloud Services.
Webroot is a service provider that provides a real-time database for various security threats. The NSX Advanced Load Balancer uses the IP reputation service of Webroot to receive a database containing bad IP addresses. Bad IP addresses are addresses that can pose security threats to network services and applications. The availability of the IP reputation database helps to apply various network and security policies to block communication from these IP addresses. The database contains the list of IP addresses and the categories of security threats associated with each of them.
IP Reputation Types
The following are the supported IP reputation types:
IP Reputation Type | Description | Values |
---|---|---|
Spam Source | IP address known to be a spam source. Spam sources include tunneling spam messages through a proxy, anomalous SMTP, or forum spam activities. | 0 |
Windows exploit | IP address offering or distributing malware, shell code, rootkits, worms or viruses. | 1 |
Web attacks | IP address known to be source of web attacks, including cross-site scripting, iFrame injection, SQL injection, cross domain injection, or domain password brute force attack. | 2 |
Botnet | IP address known to be a bot command and control channel, or infected machine controlled by a bot master. | 3 |
Scanner | IP address known to be a scanner, such as probes, host scan, domain scan and password brute force attack. | 4 |
DoS | DoS or DDoS attack, anomalous sync flood or anomalous traffic Detection. | 5 |
Reputation | IP address known to be infected with malware or identified to contact malware distribution points. | 6 |
Phishing | IP address hosting phishing sites or other kinds of fraud activities such as Ad click fraud or gaming fraud. | 7 |
Proxy | IP address providing proxy services. | 8 |
Cloud | IP address originating from a cloud. | 9 |
Mobile threats | IP addresses of malicious and unwanted mobile applications. | 10 |
Tor proxy | IP addresses acting as exit nodes for the Tor network. | 11 |
All threats | Used if you want to protect against anything suspicious. | 32 |
Use Case
The IP reputation service provides insight into the possible security threats to networks and applications.
It enhances the layer of protection and increases the performance of web applications as malicious IP addresses are blocked at Layer 4 (IP reputation in Network Security Policy) or Layer 7 (IP reputation in HTTP Policy).
For example, you can block bad IP addresses or run any other action available in Network Security Policy or HTTP policies.
It is helpful in differentiating legitimate traffic from malicious traffic.
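The following added example (not NSX Advanced Load Balancer code or configuration) sketches how a rule that matches on reputation types can be evaluated against a database of IP addresses and their threat categories. The database entries, the function names, and the treatment of value 32 as matching any listed type are assumptions made for illustration.

```python
import ipaddress

# Type values copied from the table above.
REPUTATION_TYPES = {
    0: "Spam Source", 1: "Windows exploit", 2: "Web attacks", 3: "Botnet",
    4: "Scanner", 5: "DoS", 6: "Reputation", 7: "Phishing", 8: "Proxy",
    9: "Cloud", 10: "Mobile threats", 11: "Tor proxy",
}
ALL_THREATS = 32  # assumption: matches an address listed under any type

# Constructed sample database using documentation address ranges.
# This is not Webroot data; keys are in canonical text form.
SAMPLE_DB = {
    "192.0.2.10": {0, 8},    # Spam Source + Proxy
    "198.51.100.7": {3},     # Botnet
    "203.0.113.5": {9},      # Cloud
    "2001:db8::1": {11},     # Tor proxy
}


def lookup(db, client_ip):
    """Return the set of type values listed for client_ip (empty if unlisted)."""
    # Canonicalise first so different spellings of one address hit the same
    # entry; ip_address() raises ValueError on input that is not an address.
    key = str(ipaddress.ip_address(client_ip))
    return db.get(key, set())


def evaluate(db, rule_types, client_ip):
    """Return (matched, names) for a rule matching on the given type values."""
    rule_types = set(rule_types)
    unknown = rule_types - set(REPUTATION_TYPES) - {ALL_THREATS}
    if unknown:
        raise ValueError(f"unsupported reputation type values: {sorted(unknown)}")
    listed = lookup(db, client_ip)
    hits = listed if ALL_THREATS in rule_types else listed & rule_types
    return bool(hits), sorted(REPUTATION_TYPES[t] for t in hits)


if __name__ == "__main__":
    for ip in ("198.51.100.7", "192.0.2.10", "203.0.113.5", "192.0.2.99"):
        print(ip, "botnet-only:", evaluate(SAMPLE_DB, {3}, ip),
              "all-threats:", evaluate(SAMPLE_DB, {ALL_THREATS}, ip))
```

In this sketch the all-threats rule also matches the address listed only as Cloud, so a rule of that breadth is worth reviewing against legitimate clients that originate from cloud or proxy networks.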
Prerequisites
Cloud Services on NSX Advanced Load Balancer is mandatory for the IP reputation service and must be enabled and registered with the NSX Advanced Load Balancer Controller.