We are happy to announce the addition of DataPlane, a new source for inbound attacks and scanning. 


DataPlane provides IP adresses used for a variety of malicious activity, including: 

  • DNS server cataloging, amplification and reflection attacks 
  • SIP client cataloging and telephony abuse 
  • SSH server cataloging and password authentication attacks 
  • VNC server cataloging and remote access abuse

These IP addresses have been seen engaging in mass scanning and attempts to abuse the underlying protocols. Blocking them will prevent brute force attacks, as well as using your servers to conduct DDoS attacks.

The new source has been integrated into our TS Curated - Core Threats Tier 1 - IPs, TS Curated - Core Threats Tier 2 - IPs, and TS Curated - VOIP Attacks - IPs targets. If these targets are not already in your policy, we highly recommend adding them for increased protection from scanning and various inbound attacks. We have also created 3 new expert targets containing DataPlane IPs, which we  recommend adding to your policies:

  • DataPlane - SSH Authentication Attacks
  • DataPlane - SIP Client Cataloging and Telephony Abuse
  • DataPlane - VNC RFB Remote Access Abuse

Enabling these IP targets will add an essential layer of protection to your DNS, SIP, SSH and/or VNC servers, preventing threat actors from cataloging and abusing them.


If you do not have a ThreatSTOP account and would like to learn more, sign up for a quick demo.

If you do have a ThreatSTOP account, instructions to add targets to IP Defense policies are available on the ThreatSTOP Documentation Hub. Or, contact our Support team.