https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7967#M5887 <HTML><HEAD></HEAD><BODY><P>Hello Vincent,</P><P></P><P>Could you please let us know, what content database version is installed on your PAN firewall. The default action of above mentioned threats is "alert". </P><P></P><P><IMG alt="DNS-Amplification.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13900_DNS-Amplification.JPG" style="height: 388px; width: 620px;" /></P><P>Could you please set the action to "drop-all-packet" or "reset-both". So that, all packets matching with the signature of above mentioned Threat ID will be dropped by PAN.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 12 Jun 2014 15:45:46 GMT HULK 2014-06-12T15:45:46Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7966#M5886 <HTML><HEAD></HEAD><BODY><P>Dear Sir,</P><P>We have a customer for education envirument and they suffered a lot of DNS amplification attacks.Last 7 days session count is 688 Million and 220G Bytes for DNS traffic.</P><P>We try to drop the "Threat ID 36027 DNS Amplication Attack Query " and "Threat ID 36029 DNS Amplication Attack Response",But we only drop the ID 36027 signature once.</P><P>We want to know the problem for IPS signature Issue? Hope you can help us, Thanks!</P><P></P><P>Vincent.</P></BODY></HTML> Thu, 12 Jun 2014 09:11:07 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7966#M5886 vincentsun 2014-06-12T09:11:07Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7967#M5887 <HTML><HEAD></HEAD><BODY><P>Hello Vincent,</P><P></P><P>Could you please let us know, what content database version is installed on your PAN firewall. The default action of above mentioned threats is "alert". </P><P></P><P><IMG alt="DNS-Amplification.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13900_DNS-Amplification.JPG" style="height: 388px; width: 620px;" /></P><P>Could you please set the action to "drop-all-packet" or "reset-both". So that, all packets matching with the signature of above mentioned Threat ID will be dropped by PAN.</P><P></P><P>Thanks</P></BODY></HTML> Thu, 12 Jun 2014 15:45:46 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7967#M5887 HULK 2014-06-12T15:45:46Z https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7968#M5888 <HTML><HEAD></HEAD><BODY><P>Hi HULK,</P><P>We already drop the "DNS Amplication Attack" . Thanks!</P><P></P><P>Vincent.</P><P></P><P><IMG alt="DNS Amplication Attack.jpg" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/13949_DNS Amplication Attack.jpg" style="height: 385px; width: 620px;" /></P></BODY></HTML> Mon, 16 Jun 2014 09:30:01 GMT https://live.paloaltonetworks.com/t5/general-topics/about-dns-amplification-attack-issue/m-p/7968#M5888 vincentsun 2014-06-16T09:30:01Z