topic Re: URL Filtering in Advanced Threat Prevention Discussions

URL Filtering

FIDELE — Thu, 06 Feb 2020 10:52:37 GMT

http://shodan.io/ URL is categorized as hacking website.

Can someone advise as internal users want access to it?

Re: URL Filtering

SutareMayur — Thu, 06 Feb 2020 14:59:55 GMT

Checked reputation of this url and not seeing any poor reputation of it. Some of the sites are categorizing it under internet and info.

https://talosintelligence.com/reputation_center/lookup?search=shodan.io

https://www.brightcloud.com/tools/url-ip-lookup.php

Re: URL Filtering

hisingh — Thu, 06 Feb 2020 15:20:01 GMT

Hello Fidele,

I understand that you want to access 'shodan.io' and it was blocked as a hacking site. There are a couple of ways.

(a) you can override your URL filtering object and allow hacking sites.

(b) Depending on the PAN-OS, you can add one site in exception as a white list

(d) If you only want to allow for one user, you can create a policy based on the user, and URL

some useful documents.

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/url-filtering/url-filtering-concepts/url-category-exception-lists.html

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/block-and-allow-lists

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltmCAC

Thanks

Himani

Re: URL Filtering

SutareMayur — Thu, 06 Feb 2020 16:07:41 GMT

Yes this can be done or else add object as fqdn "shodan.io" and allow it in policy. But it will allow only 'shodan.io' but not *.shodan.io.

Re: URL Filtering

FIDELE — Thu, 06 Feb 2020 16:17:25 GMT

Thank you for response. Actually before i do anything, i d like to know if indeed it s hacking website as PaloAlto Firewall categorizes it. I am running PAN-OS 8.1.10

Re: URL Filtering

SutareMayur — Thu, 06 Feb 2020 16:33:47 GMT

Its not specific to PAN version. On my firewall (running on 9.0.3) also getting categorized under hacking site. I checked on few sites and reputation of this url is not listed as poor. Please check my earlier reply.

Re: URL Filtering

hisingh — Thu, 06 Feb 2020 17:22:35 GMT

Yes, it is a hacking website.

you can check it here: https://urlfiltering.paloaltonetworks.com/query/

Re: URL Filtering

FIDELE — Thu, 06 Feb 2020 19:42:41 GMT

Thank you very much for your time and feedback

Re: URL Filtering

emir.ay — Thu, 12 Mar 2020 00:55:02 GMT

Visitors on our network can't access to the google drive from web anymore, the application on phone works fine. Anything that I can do about it?

Re: URL Filtering

svanloenen — Fri, 26 Jun 2020 14:53:58 GMT

Shodan is not a hacking site per se. They will port scan all your addresses and will post what vulnerabilities they find. Obviously, you do not want these advertised as the bad actors will use this database to prey on those who are vulnerable. It is best to just block these addresses....but there are alot of them. Some times its a bit of wack-a-mole as well. There are other companies out there that do the same thing as Shodan (such as Digital Ocean).

I would like to see Palo-Alto maintain a dynamic list for these shady characters.