IP reputation is an application- and network-layer defensive control that scores source addresses against threat-intelligence feeds, then blocks or challenges traffic from hosts with a recorded history of abuse. Feeds aggregate signals such as prior attack participation, open-proxy and Tor exit-node membership, known botnet command-and-control nodes, and crowd-sourced abuse reports. Edge platforms apply the score before a request reaches the origin, dropping or rate-limiting low-reputation sources cheaply.
Why it matters in DDoS testing
Reputation filtering is a first-pass control that removes obvious bad actors before more expensive inspection runs, but it degrades against fresh residential proxies and hijacked IPs with clean histories. A test measures both the false-negative rate (attack traffic from clean-looking IPs) and the false-positive risk (legitimate users behind shared NAT or VPNs). How major edge providers source and weight reputation differs, a point examined in the AWS Shield and Cloudflare comparison.