09-16-2015 10:45 AM - edited 09-16-2015 10:46 AM
Hello all
Our users are getting more and more captcha messages on Google search with the following explanation:
https://support.google.com/websearch/answer/86640?hl=en
After entering the captcha, Google search works for a while and then the same message is displayed again.
We have a NAT pool of several public ip addresses and configured outgoing ssl-decryption.
Does anybody have a solution to block this 'unusual traffic' or at least to detect it with palo?
09-21-2015 01:46 AM
Hi
Have you made sure the security policy used by your outbound traffic has been configured to use a full set of security profiles?
If no malicious outbound traffic is being detected, it may be good to take a look at the botnet reports; these may contain reports on traffic that can be considered suspicious but not necessarily malicious. The botnet report is generated using a set of heuristics to match odd behavior commonly seen in a botnet command & control network. This may help shed some light on why google is reporting
09-27-2015 11:42 PM
Hi @Ketchup
Try to check in your logs if you have incomplete sessions to google ip ranges. Actually we have the same issue, and also no solution till now but I am now trying to verify why there are these incomplete sessions. Maybe this is the next step to get to a solution.
With this filter you should find the sessions I mean:
((addr.dst in 64.18.0.0/20) or (addr.dst in 64.233.160.0/19) or (addr.dst in 66.102.0.0/20) or (addr.dst in 66.249.80.0/20) or (addr.dst in 72.14.192.0/18) or (addr.dst in 74.125.0.0/16) or (addr.dst in 108.177.8.0/21) or (addr.dst in 173.194.0.0/16) or (addr.dst in 207.126.144.0/20) or (addr.dst in 209.85.128.0/17) or (addr.dst in 216.58.192.0/19) or (addr.dst in 216.239.32.0/19)) and (app eq incomplete)
Regards,
Remo