Teardrop Packet Buffer Overflow - SCCM TFTP

Hello,

On our PA-5220 we hade 3 instances when our Packet Buffer Protection has been crippled by traffic from an SCCM server to a host.
Protocol TFTP UDP,  when VM's gone threw PXE boot and on file transfers from SCCM.

Symptoms are that latency goes upp

Severity High and medium action are getting allow instead of block

Hi All,

After upgrade to 9.1.5, i noticed the Severity level high and medium threat actions are allowed and some of them are getting sinkhole. Please let us know if anyone knows why it's getting alert instead of the block in high severity. Attached sc

RE: Egregor Ransomware attack on Palo Alto

Dear Team,

PAN OS Version: 8.1.12

PAN MODEL:  PA-3020

If Palo Alto have a valid signature of this Egregor Ransomware attack ? 

Also please check whether Palo Alto has any FAQ related to Egregor Ransomware.

Signature
ReleasePost-7.1
Domain Name
Type

Name: g

reverse TCP shells and other potential backdoor connections

Hi Team,

Just one of our customer received an security query points where they wanted the firewall to block reverse TCP shells and other potential backdoor connections.

For backdoor i have went through the backdoor signatures in threat vault.

So we ha

Want to report False Positive - HT Work Focus

Hi Team,

I want to report a false positive detection on VirusTotal for our product - HT Work Focus, its executable file - wmime.exe

We make parental controls and productivity management software for more than 10 years and have thousands of customers.

Palo Alto Networks Security Advisory - PAN-SA-2018-0003

Hello,

Does anyone know if this is only for authenticated users to the management inteface or if an unauthenticated attacker could possible exploit this?

Thanks in advance!

ProxyGate.net

Tips appreciated on how to identity and potentially block proxygate.net clients on a campus network.  Proxygate is not necessarily a benign tool. Bad actors can look for proxygate clients embedded on networks and use them to get a foothold on the net

Request to add to PA curated IP lists?

Is there a way to request IPs are added to curated IP lists?  Or is there a preferred dynamic list of IP abusers that you use with your PA?  

Thanks very much for your assistance.  Please forgive me, I am new to Palo Alto.

file blocking by size

How to block download file by size os 9.1 ??

Unable to resolve internal url's after implementing dns security.

I only would like to know if we add *.domain.in in External dynamic list and if we call that EDL in Antispyware profile with action Alert, then EDL will take preference with alert action and exclude it or DNS security will take preference with sinkho

It's possible to block custom file hash-256 in Palo alto.

It's possible to block custom file hash-256 in Palo alto.

Please let me know how I can check the respective file hashes disposition at a wildfire, either it is in block or not.

Here is below the file hashes need to know for disposition.

• f743c0849d69b5

MineMeld sweet32/upgrade?

Getting sweet32 detected on mindmeld server. Trying and failing to update.

What is update process for Ubuntu 16.04.6 LTS ?

login screen:

141 packages can be updated.
91 updates are security updates.

New release '18.04.3 LTS' available.
Run 'do-release-upg