How does Threat Intelligence block clients? Does a client get a TCP reset or is the request just silently dropped?
- Silverline Threat Intelligence
Threat Intelligence silently drops a client in a blocked category.
- When a client in a blocked category initiates the session with the proxy, the first packet (SYN) of that session is inspected and a decision is made before completing the TCP handshake.
- This is a Layer 4 drop prior to any iRules or WAF policy.
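To check from the client side which of the two behaviours is occurring, the following added example (not F5 code) attempts the TCP handshake several times and reports whether the SYN was answered, reset, or left unanswered. The function names are hypothetical, and the target hostname and port are supplied by you on the command line.

```python
import socket
import sys
from collections import Counter


def classify_error(exc):
    """Map a connect() failure to what the client saw on the wire."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "silent-drop"      # SYN never answered: consistent with a Layer 4 drop
    if isinstance(exc, ConnectionRefusedError):
        return "reset"            # RST came back: something actively refused the SYN
    return "other"                # DNS failure, no route, etc.


def probe(host, port, timeout=3.0):
    """Attempt one TCP handshake and report how it ended."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "handshake-completed"
    except OSError as exc:
        return classify_error(exc)


def probe_many(host, port, attempts=3, timeout=3.0):
    """Repeat the probe so one lost SYN is not mistaken for a block."""
    return Counter(probe(host, port, timeout) for _ in range(attempts))


def verdict(results):
    """Summarise a Counter returned by probe_many()."""
    total = sum(results.values())
    if total and results["silent-drop"] == total:
        return "every SYN unanswered: consistent with a silent drop"
    if results["reset"]:
        return "RST received: not the silent-drop behaviour"
    if results["handshake-completed"]:
        return "handshake completed: client is not being dropped"
    return "inconclusive"


if __name__ == "__main__":
    # Usage: python probe.py <proxy-hostname> <port>
    target, port = sys.argv[1], int(sys.argv[2])
    counts = probe_many(target, port)
    print(dict(counts), "->", verdict(counts))
```

An unanswered SYN is also what any other packet filter or a routing problem on the path produces, so compare the result with a probe from a client that is not in a blocked category before attributing the timeout to Threat Intelligence.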
Profiles allow you to tune which particular categories should be blocked:
- Cloud Provider Networks
- Denial of Service
If Zscaler is categorised as a threat, you may want to temporarily disable the category. Bear in mind that this should be done very carefully, as it may be categorised as "Windows Exploits".
NetRange: 18.104.22.168 - 22.214.171.124
Parent: NET165 (NET-165-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53813, AS55242, AS62907, AS22616, AS32921, AS40384, AS53444
Organization: ZSCALER, INC. (ZSCAL)
- Threat Intelligence: Overview
- Threat Intelligence: Configuration
- How to Request Brightcloud to remove an IP being blocked by Threat Intelligence