01-21-2018 12:53 PM
I have a customer who asked about traffic which he saw on his Firewall.
I looked in firewall logs from several others customers and find the same IP address. It is always a HTTP oder HTTPS connection.
The traffic is coming from the 70.42.131.170. According to several internet sources this IP address belongs to PaloAlto Networks
https://whatismyipaddress.com/ip/70.42.131.170
Because neither the PaloAlto Website or Google could gave me an answer on this and this not really worth a support case, i thought to place this question here. I think this might be a web crawler or something like this?!
I hope someone can clearfy this
Regards.
01-22-2018 02:16 AM
Hello Matthias,
It's indeed a IP address belonging to Palo Alto Networks. We crawl on a regular basis URLs from a variety of different sources to better identify and prevent potentially malicious content.
HTH
01-22-2018 02:16 AM
Hello Matthias,
It's indeed a IP address belonging to Palo Alto Networks. We crawl on a regular basis URLs from a variety of different sources to better identify and prevent potentially malicious content.
HTH
02-06-2018 07:33 AM
This IP Address has been spamming my network, 4.5 million events since early october~~. This is setting off IDS alerts and taking away time from our team to research. This seems really excessive for a web crawler does it not? It's constant 35,000 - 39,000 events per day.
Can you stop, or do we just blacklist you?
02-06-2018 07:37 AM
image.
02-06-2018 07:41 AM
Would it be reasonable to ask PAN to release the IP Range of IPs that they use for web crawling/scanning? We could create our own security policy so these events won't log and note that it is our security vendor crawling us.
Thanks, Rags
02-06-2018 07:46 AM
thats an interesting idea.
A bit more transperncy with this ip addresses or lets say "services" would be nice.
02-06-2018 08:34 AM
If you have any inquiries related to that traffic, please open a support ticket and our support team will help you and figure out how to make it more convenient for you.
Regards,
02-06-2018 08:56 AM
@khuynh That's a really laxed response for a security related incident that you're responsible for. Why would I need to make a TAC when you're the person who is apparently involved in the scanning/web crawling activity? PAN should have this published to customers so we do not have to use resouces to researching a potentional security issue.
Thanks I will make a TAC, and I have changed my mind and removed you from my friends list.
Regards,
02-06-2018 09:08 AM
I didn't mean to be rude, sorry if you feel that.
I do work for Palo Alto as a SE, but I'm not responsible for the scanning of our internal teams. I have in my region several customers who have the same concerns as you, and I want you to have the most detailed answer and the best solution for you. The best way to figure out a good solution for your environnement is to go through our TAC, who will be able to deliver the best solution that fits you, depending on your architecture, devices, licenses, and so on.
A little bit sad to hear that we are not friend anymore on Live ;), but I will still go on and try to help people here to the best of my knowledge.
Regards,
PS: Feel free to drop me an email if you want to continue this discussion.
02-06-2018 09:17 AM
Thanks for the additional information @khuynh
>I have in my region several customers who have the same concerns as you
At this point what solutions do you provide for them? If you have previously asked them to open a TAC was there any resolution found that you can share? I really just want to know if this is a single 1-off IP Address, or if this web crawling traffic will be coming from an entire PAN IP Address subnet. We can then create our own settings that would be best to mitigate this traffic.
Thanks, -Rags
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!