The network firewall checks traffic against an IP intelligence database to automatically handle traffic from known bad or questionable IP addresses. You can control the actions for each category of IP addresses in the network firewall.
Along with the IP address, the IP intelligence database stores the category that explains the reason that the IP address is considered untrustworthy.
|Windows exploits||IP addresses that have exercised various exploits against Windows resources using browsers, programs, downloaded files, scripts, or operating system vulnerabilities.|
|Web attacks||IP addresses that have launched web attacks of various forms.|
|Botnets||IP addresses of computers that are infected with malicious software and are controlled as a group, and are now part of a botnet. Hackers can exploit botnets to send spam messages, launch various attacks, or cause target systems to behave in other unpredictable ways.|
|Scanners||IP addresses that have been observed to perform port scans or network scans, typically to identify vulnerabilities for later exploits.|
|Denial of Service||IP addresses that have launched Denial of Service (DoS) attacks. These attacks are usually requests for legitimate services, but occur at such a fast rate that targeted systems cannot respond and become bogged down or unable to service legitimate clients.|
|Infected Sources||IP addresses that issue HTTP requests with a low reputation index score, or are known malware sites.|
|Phishing||IP addresses that are associated with phishing web sites that masquerade as legitimate web sites.|
|Proxy||IP addresses that are associated with web proxies that shield the originator's IP address (such as anonymous proxies).|