2960X - WAN and DMZ on same switch separated by vlans?

the title says it pretty much. Trying to consolidate a 24 port switch that only uses 3 ports with another 24 port that is only using 2 ports.

How safe/comfortable would you be if you used the same switch for DMZ and WAN traffic, but separate them b

DNS Tunneling

Im trrying to detect dns tunneling with custom signatures.

i have some snort rules to begin.

some of you have any strategies for this?

Virus/Win32.WGeneric.aeulpb (297499053)

Hi Community,

We are seeing this signature in our environment for ms-ds-smbv3 application. PAN is marking the internal traffic as 'virus' before resetting it on both ends.

Any suggestions what would be the investigation process for it. What are we lo

Microsoft Directory Services/ms-ds-smbv3 - /Virus/Win32.WGeneric.badouv

Hello,

We are seeing so many alerts in the threat logs that are linked to:

Virus/Win32.WGeneric.badouv

Name: Virus/Win32.WGeneric.badouv

Unique Threat ID: 398700357

Create Time: 2021-02-03 13:41:24 (UTC)

Threat ID: 1103259

Current Release: 3615 (2021-02-03

SkyVPN - Really a C2 threat?

Hi, I have just spotted a treat alert of SkyVPN C2 traffic (ID 18871) in my logs and looked at the entry on the Threat Vault.  This seems to be quite an old detection but when I looked around for any further information regarding SkyVPN, I couldn't s

Port Scans & Telnets on a PA running 8.0

I am new to the world of PA and next gen firewalls and took some online training.  I discovered that in the Traffic Proccessing phase before App ID gets applied in the Security Policy that the session is already allowed to start if the layer 4 ports

Zone protection on sub interfaces

Apologies if this is going over old ground but I have an issue with zone protection and am stumped trying to work out what it is.

I have configured and applied the zone protection profile to a layer3 sub-interface, when I test against it with crafted

Anyone know where Palo is on NAT Slipstreaming V2?

Hello,

Just curious if there is a definition for the new variant referenced here: https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/

Thank you!

Amazon CDN triggering lots of 38716 threats (library loading elevation of privilege)

Hello,

Have anyone else noticed a very large flood of triggered 38716 threat warnings comming from Amazon CDN? That is just a very short fragment:

SMB: User password brute force

We have been seeing SMB: User Password Brute Force Attempt threats coming into our logs.  We are not seeing a UN accompanied with the the traffic and the are using port 445.  This just popped up recently and we are not seeing anything malicious on th

Minemeld service doesn't start and cannot access the web page giving 403 error

hello,

we have an issue in minemeld service disabling access to the web server giving 403 error.

The details is in screeshots.

Any help please ?