Notes

During 2022, Infoblox's RPZ feeds included 32M unique indicators from original intelligence, with a reported false-positive (negative-impact) rate of 0.00015%.

Infoblox gets early access to vulnerability information before it is published. That means Infoblox has time to patch and test fixes before the public is aware of the vulnerability.

Colour

Infoblox Green

Hex colour code: #0ab548

Closest Pantone match: 354C

Lessons

NTP Issue

Customers using DNS security policies can block malware IP addresses, DoT/DoH IP addresses and also Tor exit node IP addresses. A customer once found that NTP servers from pool.ntp.org were being blocked because the IP addresses returned for them were listed in the DoH RPZ feed. They reported this as a false positive. It turns out that several servers in pool.ntp.org use IP addresses that are (correctly) associated with services like DoT/DoH, Tor exit nodes, botnets, etc., and so they are legitimate targets to block. In this case, an ISP had decided to run a public DoH server on the same IP as a public NTP server that was in the pool.ntp.org pool.

Members of pool.ntp.org - Checked in TIDE in Feb 2023

  • 66.228.58[.]20 - Tor exit node
  • 207.244.103[.]95 - DHS NCCIC Watchlist
  • 138.236.128[.]36 - botnet location
  • 139.99.222[.]72 - DoH server
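To triage a report like the one above, it helps to see which feed category actually matched each pool address and what a scoped exemption would look like. The following is an added example, not Infoblox code or data: it parses a constructed RPZ zone excerpt with standard rpz-ip triggers (prefix length followed by reversed octets), checks a constructed list of pool members (documentation address ranges, not the real ones listed above) against it, and emits an rpz-passthru override for a host the operator decides to allow.

```python
import ipaddress
import re

# Constructed RPZ zone excerpt (not a real feed). rpz-ip triggers encode
# <prefixlen>.<reversed octets>; the comment carries an assumed feed category.
SAMPLE_RPZ_ZONE = """\
32.10.2.0.192.rpz-ip    CNAME .   ; doh-server
32.20.2.0.192.rpz-ip    CNAME .   ; tor-exit
24.0.113.0.203.rpz-ip   CNAME .   ; botnet
"""

# Constructed pool.ntp.org member list (documentation ranges only).
SAMPLE_POOL_MEMBERS = ["192.0.2.10", "192.0.2.20", "198.51.100.7", "203.0.113.44"]

TRIGGER_RE = re.compile(r"^(\d+)\.((?:\d+\.){4})rpz-ip\s+\S+\s+\S+\s*;\s*(\S+)")


def parse_rpz_ip_triggers(zone_text):
    """Return [(ip_network, category)] for every rpz-ip trigger line."""
    nets = []
    for line in zone_text.splitlines():
        m = TRIGGER_RE.match(line.strip())
        if not m:
            continue
        prefixlen, rev, category = m.groups()
        octets = rev.rstrip(".").split(".")[::-1]  # undo the reversed-octet encoding
        nets.append((ipaddress.ip_network(f"{'.'.join(octets)}/{prefixlen}"), category))
    return nets


def triage_pool(members, nets):
    """Map each pool member to the feed category that blocks it, or None."""
    result = {}
    for ip_str in members:
        ip = ipaddress.ip_address(ip_str)
        result[ip_str] = next((cat for net, cat in nets if ip in net), None)
    return result


def passthru_record(ip_str):
    """Host-scoped exemption; place it in a local RPZ evaluated before the feed."""
    rev = ".".join(reversed(ip_str.split(".")))
    return f"32.{rev}.rpz-ip CNAME rpz-passthru."


if __name__ == "__main__":
    hits = triage_pool(SAMPLE_POOL_MEMBERS, parse_rpz_ip_triggers(SAMPLE_RPZ_ZONE))
    for ip_str, cat in hits.items():
        print(f"{ip_str}: {'not listed' if cat is None else 'blocked by ' + cat}")
    print(passthru_record("192.0.2.10"))
```

A passthru for one host keeps the rest of the feed in force; the trade-off is that any DoH traffic to that address is also exempted, which is why the page treats such collisions as correct blocks rather than false positives.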
infoblox/notes.txt · Last modified: by bstafford