This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

URL Filtering

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

URL Filtering

Go to solution
FIDELE
L1 Bithead

‎02-06-2020 02:52 AM

http://shodan.io/ URL is categorized as hacking website.

Can someone advise as internal users want access to it?

1 person had this problem.
0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
hisingh
L4 Transporter
In response to FIDELE

‎02-06-2020 09:22 AM

Yes, it is a hacking website. 

you can check it here: https://urlfiltering.paloaltonetworks.com/query/

Himani Singh

View solution in original post

0 Likes Likes
9 REPLIES 9

Go to solution
SutareMayur
L6 Presenter

‎02-06-2020 06:59 AM

Checked reputation of this url and not seeing any poor reputation of it. Some of the sites are categorizing it under internet and info.

 

https://talosintelligence.com/reputation_center/lookup?search=shodan.io

https://www.brightcloud.com/tools/url-ip-lookup.php

 

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes

Go to solution
hisingh
L4 Transporter

‎02-06-2020 07:16 AM - edited ‎02-06-2020 07:20 AM

Hello Fidele,

 

I understand that you want to access 'shodan.io' and it was blocked as a hacking site. There are a couple of ways.

(a) you can override your URL filtering object and allow hacking sites.

(b) Depending on the PAN-OS, you can add one site in exception as a white list

(c) you can create a custom URL object and allow it.

(d) If you only want to allow for one user, you can create a policy based on the user, and URL 

some useful documents.

https://docs.paloaltonetworks.com/pan-os/7-1/pan-os-admin/url-filtering/url-filtering-concepts/url-c...

https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-admin/url-filtering/url-filtering-concepts/block...

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CltmCAC

 

Thanks

Himani

 

Himani Singh
0 Likes Likes

Go to solution
SutareMayur
L6 Presenter
In response to hisingh

‎02-06-2020 08:07 AM

Yes this can be done or else add object as fqdn "shodan.io" and allow it in policy. But it will allow only 'shodan.io' but not *.shodan.io.

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes

Go to solution
FIDELE
L1 Bithead
In response to SutareMayur

‎02-06-2020 08:17 AM

Thank you for response. Actually before i do anything, i d like to know if indeed it s hacking website as PaloAlto Firewall categorizes it. I am running PAN-OS 8.1.10

 

0 Likes Likes

Go to solution
SutareMayur
L6 Presenter
In response to FIDELE

‎02-06-2020 08:33 AM

Its not specific to PAN version. On my firewall (running on 9.0.3) also getting categorized under hacking site. I checked on few sites and reputation of this url is not listed as poor. Please check my earlier reply.

M

Check out my YouTube channel - https://www.youtube.com/@NetworkTalks
0 Likes Likes

Go to solution
hisingh
L4 Transporter
In response to FIDELE

‎02-06-2020 09:22 AM

Yes, it is a hacking website. 

you can check it here: https://urlfiltering.paloaltonetworks.com/query/

Himani Singh
0 Likes Likes

Go to solution
FIDELE
L1 Bithead
In response to hisingh

‎02-06-2020 11:42 AM

Thank you very much for your time and feedback

0 Likes Likes

Go to solution
emir.ay
L0 Member

‎03-11-2020 05:55 PM

Visitors on our network can't access to the google drive from web anymore, the application on phone works fine. Anything that I can do about it?

0 Likes Likes

Go to solution
svanloenen
L0 Member

‎06-26-2020 07:53 AM

Shodan is not a hacking site per se.  They will port scan all your addresses and will post what vulnerabilities they find.  Obviously, you do not want these advertised as the bad actors will use this database to prey on those who are vulnerable.  It is best to just block these addresses....but there are alot of them.  Some times its a bit of wack-a-mole as well.  There are other companies out there that do the same thing as Shodan (such as Digital Ocean).  

I would like to see Palo-Alto maintain a dynamic list for these shady characters.

 

 

0 Likes Likes
  • 1 accepted solution
  • 10312 Views
  • 9 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks