ZyWALL Series CLI Reference Guide
327
CHAPTER 40
Reputation Filter
This chapter introduces and shows you how to configure IP reputation and URL filtering.
40.1 Overview
IP Reputation
IP reputation checks the reputation of an IP address from a database. An IP address with bad
reputation associates with suspicious activities, such as spam, virus, and/or phishing. The Zyxel Device will
respond when there are packets coming from an IPv4 address with bad reputation.
URL Threat Filter
URL filtering compares access to specific URLs against a database of blocked or allowed sites. Sites on
the database are sorted into categories such as:
Note: This feature was previously called Anti-Botnet Filter.
DNS Threat Filter
DNS threat filtering inspects DNS queries made by clients on your network and compares the queries
against a database of blocked or allowed Fully Qualified Domain Names (FQDNs). The Zyxel Device DNS
Threat Filter will either drop the DNS query or reply to the user with a fake DNS response.
The following types of DNS queries are inspected by the Zyxel Device:
- Type "A" ...
- Type "AAAA" ...
- Type "NS" ...
- Type "MX" ...
- Type "CNAME" ...
- Type "PTR" ...
- Type "SOA" ...
The Zyxel Device replies with a DNS reply packet containing a fake IP address for type "A", and replies
with a DNS reply packet with server failure code for remaining types.
Anonymizers Browser Exploits
Malicious Downloads Malicious Sites
Phishing Spam URLs
Spyware Adware
Keyloggers
To Next Page
Loading...
