Blocklist-Based Filtering with FastNetMon

Blocklist-based filtering is a practical way to reduce exposure to known malicious hosts by blocking traffic at the network level before it reaches services or customers.

FastNetMon supports automated ingestion and enforcement of IP-based blocklists, allowing operators to integrate external threat intelligence feeds or their own curated lists directly into their network mitigation workflows.

This approach is commonly used to block traffic associated with malware, phishing infrastructure, botnets, scanners, and other known malicious sources.

Flexible Blocklist Ingestion

FastNetMon can consume blocklists from multiple sources and formats. Blocklists may be hosted externally or managed internally, depending on operational requirements.

Commonly supported delivery methods include blocklists hosted over HTTP or HTTPS, as well as blocklists stored in object storage such as Amazon S3. FastNetMon regularly retrieves these lists and maintains a local, up-to-date copy for enforcement.

Blocklists must consist of individual IP addresses. Prefix aggregation and long CIDR chains are not supported for this feature, ensuring predictable behaviour and precise control.

Using External Threat Intelligence Feeds

Many organisations rely on third-party threat intelligence providers to maintain blocklists. These providers typically specialise in specific threat categories and continuously update their data based on global telemetry.

FastNetMon can ingest blocklists from multiple intelligence providers at the same time. All received entries are merged into a single internal master blocklist, allowing operators to enforce a unified filtering policy while benefiting from multiple data sources.

Update intervals are configurable, giving full control over how frequently blocklists are refreshed and changes propagated to the network.

Network-Level Enforcement via BGP

Once a blocklist is loaded, FastNetMon distributes blocking information to routers using BGP. This enables filtering to occur directly at the network edge or core, without relying on application-level controls or firewalls.

When new IP addresses are added to a blocklist, FastNetMon automatically announces the corresponding routes to the configured routers. When entries are removed from the blocklist, FastNetMon withdraws the routes, ensuring that traffic is no longer blocked unnecessarily.

This fully automated lifecycle ensures that blocking rules remain accurate and aligned with the current state of threat intelligence feeds.
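The merge of several feeds into one master blocklist and the announce/withdraw lifecycle described above can be sketched as follows. This is an added example, not FastNetMon's own code; the feed format (one entry per line, "#" comments), the feed names, the rejection of non-address entries and the /32 and /128 host-route notation are assumptions made for illustration.

```python
import ipaddress

# Constructed sample feeds (documentation address ranges), two refresh cycles.
CYCLE_1 = {
    "feed_a": "# constructed sample\n192.0.2.10\n198.51.100.7\n203.0.113.0/24\n",
    "feed_b": "198.51.100.7\n2001:db8::5\nnot-an-ip\n",
}
CYCLE_2 = {
    "feed_a": "198.51.100.7\n",
    "feed_b": "198.51.100.7\n2001:db8::5\n203.0.113.9  # new entry\n",
}

def parse_feed(text):
    """Split one feed body into (individual addresses, rejected entries)."""
    hosts, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not entry:
            continue
        try:
            # ip_address() accepts a single IPv4/IPv6 address and raises on
            # CIDR prefixes, so "203.0.113.0/24" is rejected, not expanded.
            hosts.add(ipaddress.ip_address(entry))
        except ValueError:
            rejected.append(entry)
    return hosts, rejected

def merge_feeds(feeds):
    """Union all feeds into one master set; report rejects per feed."""
    master, rejected = set(), {}
    for name, text in feeds.items():
        hosts, bad = parse_feed(text)
        master |= hosts  # set union removes entries listed by several feeds
        if bad:
            rejected[name] = bad
    return master, rejected

def route_delta(previous, current):
    """Return (announce, withdraw) host routes between two master sets."""
    def routes(addrs):
        # IPv4 and IPv6 objects do not compare, so sort on (version, value).
        ordered = sorted(addrs, key=lambda a: (a.version, int(a)))
        return [f"{a}/{a.max_prefixlen}" for a in ordered]
    return routes(current - previous), routes(previous - current)

if __name__ == "__main__":
    first, rejected = merge_feeds(CYCLE_1)
    second, _ = merge_feeds(CYCLE_2)
    print("rejected:", rejected)
    print("cycle 1:", route_delta(set(), first))
    print("cycle 2:", route_delta(first, second))
```

Logging the rejected entries per feed makes it visible when a provider starts publishing prefixes or malformed lines that would otherwise silently drop out of enforcement.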

Operational Benefits

Blocklist-based filtering with FastNetMon helps reduce unwanted traffic before it consumes bandwidth or processing capacity. By enforcing policies at the routing level, networks gain an additional layer of protection with minimal operational overhead.

Because FastNetMon supports multiple feeds and continuous updates, it is well suited to environments where threat intelligence changes frequently and manual rule management would be impractical.

Part of a Broader DDoS Protection Strategy

Blocklist-based filtering complements FastNetMon’s other DDoS detection and mitigation capabilities, including traffic anomaly detection, BGP Blackhole automation, FlowSpec mitigation, and scrubbing centre diversion.

It is most effective when used as one component of a layered, network-level defence strategy.

Start Blocking Malicious Traffic with FastNetMon

FastNetMon makes it straightforward to integrate external threat intelligence into your network and enforce blocking policies automatically.

Start a free trial to evaluate blocklist-based filtering in your environment, or contact our sales team to discuss integration options and operational requirements.