How to "fix" vulnerabilities.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to "fix" vulnerabilities.

L2 Linker

Hi,

I have a lot of vulnerabilities that keeps triggering in my firewall, but I'm not sure whats causing it or how to fix it. 

Most "attacks" are done by servers or clients on my own network...

- Microsoft Windows SMB Fragmentation RPC Request Attempt (14K).  Any ideas how to fix this.

- HTTP Forbidden Error (7K).  This would make sende if it was 30-40 alerts, but not 7K in the last 30 days.

- HTTP WWW-Authentication Failed (4K).  Could this be caused by the exchange client?

- DNS Answer Big TXT Record Response Anomaly (1K)

Thank you

2 REPLIES 2

Not applicable

Hey johnd,

We're in the same boat.  We get many vulnerability hits internally of the same type as yours.

The thing to do seems to be to open a case with PAN support for each vuln.  It's best to start with the ones that are blocking traffic rather than just alerting you.  Then, IMHO, go for the ones that are most annoying  Smiley Happy and are most easily reproduced.  PAN support will most likely ask you to reproduce the alert with packet capturing on and to add the files or other data to the case that's being transmitted when the vulnerability is identified.

The end result may be surprising.  We generated a case because traffic between our Microsoft SCCM servers and their clients generated many thousands of 40026:  SSL Renegotiation Denial of Service vulnerabilities.  We did the packet captures and submitted file samples.  PAN support came back and said that, yes indeed, this is vulnerable traffic.  There seemed to be no more recourse with PAN support; we could then go to Microsoft to see why they're transmitting vulnerable traffic as part of their protocols.  In the end, we decided to keep the Microsoft SCCM servers running as they were and supress the alerts on the Palo Altos.

L4 Transporter

In most contexts, I would say these 4 alerts should be ignored, so disabled.

  • 2617 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!