This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Dropbox Signature Change?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Dropbox Signature Change?

CRHC
L4 Transporter

‎10-24-2011 01:09 PM

Hello,

We have for some time now blocked the use of Dropbox (as an app) and only allow a few users access, based on a domain group.  Over last couple of weeks have noticed activity where non allowed users are able to access the application. In my initial investigation, it appears the sessions are not falling into the "dropbox" application object - but rather straight "SSL".  Still investigating.  I have placed a request with App Research Center to verify if DropBox changed their signatures.  Curious if anyone has seen this also or if known by support.  Thanks!

Mike

0 Likes Likes
5 REPLIES 5

ggarrison
L4 Transporter

‎10-24-2011 01:24 PM

Mike,

As Dropbox uses a proprietary protocol for its file transfers, the signature is dynamic and can change over time.  If the content and threat detection engine is unable to match the specific signature that we have in our database for dropbox, it will fall back and identify it as SSL.  If you wish to submit the application to have a new signature generated, please do so using the following link:

< http://www.paloaltonetworks.com/researchcenter/submit-an-application/ >

It appears that you may have already submitted the request in the correct location.  You can check the release notes for each content update to see if dropbox signatures have been updated.

-Graham

CRHC
L4 Transporter
In response to ggarrison

‎10-26-2011 01:49 PM

Thank you Graham!

That is a great explanation - appreciate it.  Now I have a better explanation to tell our compliance folks.  I did place a request to have it looked at.  Didn't make it in this week's content update - but will watch for it in a future update.


Cheers,

Mike

0 Likes Likes

CRHC
L4 Transporter
In response to ggarrison

‎10-26-2011 01:52 PM

Forgot to ask.  If we were running the SSL decryption - would that provide a sort of failover back to straight SSL - for the application object blocking? Or is the application objects independent of decryption? Thanks!

0 Likes Likes

gswcowboy
L6 Presenter
In response to CRHC

‎10-26-2011 01:56 PM

Due to the nature of Dropbox or possibly the company cert, it has been listed as an app excluded from ssl decryption.

https://live.paloaltonetworks.com/docs/DOC-1423

0 Likes Likes

EdwinD
L3 Networker
In response to gswcowboy

‎08-29-2012 03:03 PM


I believe this signature needs updated.   The current version of Dropbox failes to "establish secure connection" when decription is enabled, regardless of the fact that Palo Alto has an exclusion.     4.1.7, with all of the latest dynamic software signatures installed.

I believe this might be because Dropbox is making use of the Amazon S3 network, which may have a different SSL certificate.  I am not certain that this is the issue, but it looks likely.

0 Likes Likes
  • 4004 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks