For details on cookie usage on our site, read our Privacy Policy
Disabled Vulnerability Signatures: FTP evasion attack (id:30401)
- LIVEcommunity
- Discussions
- General Topics
- Re: Disabled Vulnerability Signatures: FTP evasion attack (id:30401)
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-08-2014 12:45 AM
Hello
Could someone explain me why signature FTP evasion attack (id:30401) was disabled in thread update version 453?
This signature wasn't replaced by new one. Bruteforce attacs on FTP serwers still exist and nothing will change in this case.
With regards
SLawek
- Labels:
-
Configuration
-
Content-ID
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-08-2014 06:31 AM
Hello Slv,
Content version 453, which was shipped on 9/3/2014, contained an erroneous entry. The last entry indicated that Threat ID 30401, "FTP Evasion Attack" had been disabled, when in fact no changes were made to this signature as part of content release 453. Please find below a KB article for the same: Release Notes Error for Content 453
Disabled Vulnerability Signatures (1)
| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
|---|---|---|---|---|---|---|
| critical | 30401 | FTP evasion attack | alert | 3.1.0 |
Hope this helps.
Thanks
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-08-2014 01:05 AM
Some update... there is another one signature "FTP: login Brute-force attempt id:40001", so 30401 was for different purposes.
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-08-2014 06:31 AM
Hello Slv,
Content version 453, which was shipped on 9/3/2014, contained an erroneous entry. The last entry indicated that Threat ID 30401, "FTP Evasion Attack" had been disabled, when in fact no changes were made to this signature as part of content release 453. Please find below a KB article for the same: Release Notes Error for Content 453
Disabled Vulnerability Signatures (1)
| Severity | ID | Attack Name | CVE ID | Vendor ID | Default Action | Minimum PAN-OS Version |
|---|---|---|---|---|---|---|
| critical | 30401 | FTP evasion attack | alert | 3.1.0 |
Hope this helps.
Thanks
- Vulnerability Protection Profile action drop, but still forwards packets in Next-Generation Firewall Discussions
- Threat ID in the ranges between 8700-8799, Packet Based Attacks Protections in "Zone Protection" profiles in Threat & Vulnerability Discussions
- Access Palo Alto HTML Files in General Topics
- TCP 443 Web Server Allows Password Auto-Completion in General Topics
- How to remove SSH weak algorithms and not impact ipsec tunnels. in General Topics
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
