12-13-2023 09:36 AM
secshow.net and secshow.online DNS traffic happening for us too, public IP to Public IP. The URLs not matching with typical syntax for DNS tunnelling so I don't think that's what's happening. One domain owned by alibaba.
Ever since the upgrade in October to 10.1.11 this has been happening - did not see any patch notes about this or DNS. Many changes though in this release.
Upgrading to 10.2.7 soon and wondering if this will fix it.
@JayGolf - if palo has any updates or communications for their customers about this it would be great. Seems like a widespread issue that hasn't been communicated. Given that this is setting off security alerts some sort of note would be great that Palo is at least aware if this is a bug and is working on a fix.
