https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9177#M6711 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Could someone explain me why signature FTP evasion attack (id:30401) was disabled in thread update version 453?</P><P></P><P>This signature wasn't replaced by new one. Bruteforce attacs on FTP serwers still exist and nothing will change in this case.</P><P></P><P></P><P>With regards</P><P>SLawek</P></BODY></HTML> Mon, 08 Sep 2014 07:45:02 GMT _slv_ 2014-09-08T07:45:02Z https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9177#M6711 <HTML><HEAD></HEAD><BODY><P>Hello</P><P></P><P>Could someone explain me why signature FTP evasion attack (id:30401) was disabled in thread update version 453?</P><P></P><P>This signature wasn't replaced by new one. Bruteforce attacs on FTP serwers still exist and nothing will change in this case.</P><P></P><P></P><P>With regards</P><P>SLawek</P></BODY></HTML> Mon, 08 Sep 2014 07:45:02 GMT https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9177#M6711 _slv_ 2014-09-08T07:45:02Z https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9178#M6712 <HTML><HEAD></HEAD><BODY><P>Some update... there is another one signature "FTP: login Brute-force attempt id:40001", so 30401 was for different purposes.</P></BODY></HTML> Mon, 08 Sep 2014 08:05:44 GMT https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9178#M6712 _slv_ 2014-09-08T08:05:44Z https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9179#M6713 <HTML><HEAD></HEAD><BODY><P>Hello Slv,</P><P></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;">Content version 453, which was shipped on 9/3/2014, contained an erroneous entry. The last entry indicated that Threat ID 30401, "FTP Evasion Attack" had been disabled, when in fact no changes were made to this signature as part of content release 453. </SPAN>Please find below a KB article for the same: <A href="https://live.paloaltonetworks.com/docs/DOC-7813">Release Notes Error for Content 453</A></P><P></P><H3 style="color: #227aa2; font-size: 1.2em; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif;">Disabled Vulnerability Signatures (1)</H3><TABLE height="71" style="border: none; font-family: Tahoma, Verdana, Arial, Helvetica, sans-serif; width: 751px; height: 67px;" width="751"><TBODY><TR><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="71">Severity</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="71">ID</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;">Attack Name</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="105">CVE ID</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="80">Vendor ID</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="18%">Default Action</TH><TH style="color: #ffffff; font-size: 12px; background-color: #999999;" width="18%">Minimum PAN-OS Version</TH></TR><TR><TD class="red" style="padding-right: 5px; padding-left: 5px; font-size: 12px; text-align: center; background-color: #ef3942;">critical</TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;">30401</TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;">FTP evasion attack</TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;"></TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;"></TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;">alert</TD><TD style="padding-right: 5px; padding-left: 5px; font-size: 12px; background-color: #eeeeee;">3.1.0</TD></TR></TBODY></TABLE><P></P><P></P><P>Hope this helps.</P><P></P><P>Thanks</P></BODY></HTML> Mon, 08 Sep 2014 13:31:26 GMT https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9179#M6713 HULK 2014-09-08T13:31:26Z https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9180#M6714 <HTML><HEAD></HEAD><BODY><P>Thank You</P></BODY></HTML> Mon, 08 Sep 2014 17:38:00 GMT https://live.paloaltonetworks.com/t5/general-topics/disabled-vulnerability-signatures-ftp-evasion-attack-id-30401/m-p/9180#M6714 _slv_ 2014-09-08T17:38:00Z