- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
11-08-2018 01:34 AM
Hello, all
I am testing Anti-Spyware DNS sinkhole. I set:
I make policy with this profile.
For most DNS-names in category “Malware” и “Command and Control” (https://threatvault.paloaltonetworks.com/) i see nslookup answer, for example:
Addresses: ::1
127.0.0.1
And it is good.
But for two DNS-names: namecha.in, 4cdf1kuvlgl5zpb9.pmr.cc (Malware category too) sinkhole is not working and i see ip-adresses in nslookup answer.
What can be wrong? I need advice.
Yes, i can make my own external dynamic list, but why standart not working for malware?
11-08-2018 06:52 AM
While namecha.in is present in the PAN-DB URL Classifications it doesn't look like it currently actually has an active DNS Signature in place, which is what the Sinkhole process would trigger on. It was first released in 2732, but it's not showing as being active in a current release. The other domain has the same issue, it isn't showing as having a current active signature.
11-08-2018 06:52 AM
While namecha.in is present in the PAN-DB URL Classifications it doesn't look like it currently actually has an active DNS Signature in place, which is what the Sinkhole process would trigger on. It was first released in 2732, but it's not showing as being active in a current release. The other domain has the same issue, it isn't showing as having a current active signature.
11-08-2018 09:18 PM
Hello, BPy
It is clear for me now, what PAN-DB URL database is not same as PA DNS Signature database.
Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!