About KiCheon.Lee

Hello Jeff, Thanks for your kindness. I have retried it as you helped. But I can not make button size is more bigger. Here is a my URL continue response page. Please let me know it why not. <html> <head> <title>Application Blocked</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <link rel="stylesheet" type="text/css" href="/styles/falcon_content.css?v=@@version"> <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE"> <style> #content{background-color:#f2f2f2;margin:40;padding:40;font-family:Tahoma,Helvetica,Arial,sans-serif;font-size:15px;}   h1{font-size:30px;font-weight:bold;color:#FF0000;line-height:90%;}   a{font-size:30px;font-weight:bold;color:#000000;line-height:90%;}   b{font-weight:bold;color:#000000;line-height:180%;}     input.buttonFixed {   font-weight: bold;   width: 800px;   margin: 5px 0px 4px 4px; } </style> </head> <body bgcolor="#f2f2f2"> <div id="content"> <table width="800" align="center" cellspacing="0" style="border-collapse:collapse;" height="425" border="0">   <tr>   <td align="center" height="80"><font face="맑은 고딕"><h1>해당 사이트의 메일 쓰기는 차단 됩니다.</h1></font></td>   </tr>     <tr>         <td width="800" height="220" valign="top" align="left">   <font face="맑은 고딕">   <h2>메일 확인은 로고 아래에 있는 "continue"를 클릭해 주세요. <h2>   <b>문의사항은 Helpdesk (02-1234-4567)로 연락 바랍니다.</b><br>             <b>사용자 : </b> <user/> <br>   <b>접속 URL : </b> <url/>   </font>   </td>   </tr>   <tr>   <td align="center" height="30">   <pan_form/>         </td>     </tr> </table> </div> </body> </html> ... View more

Hi Jeff, Thank you very much for your answer. Excuse me, please let me look at the full html. I am trying it. but web page does not go to next page when click "continue" Thanks, KC Lee ... View more

Hello jwolach, Did you find it out how continue button can be bigger? If you knew, please let me know it. My customer is also complaining. Thanks, KC Lee ... View more

Hello mmmccorkle, Thanks for your kind answer. I have a question more deep. What about below threats? 1) RIG Exploit Kit Detection (36683, 37561) 2) WGeneric.Gen Command and Control Traffic (13621, 14210) 3) Suspicious.Gen Command And Control Traffic (14035, 14137, 14155) 4) ANGLER Exploit Kit Detection (37744, 37796) These threat-IDs are also same each other. Thanks, KC Lee ... View more

Did you find it out why there are two threat IDs? If yes, please let me know it. Thanks, KC Lee ... View more

Do you know what method for key exchange else DH to access mgmt web ? ... View more

Thanks for your kind answer. I wrote wrong for case2. I mentioned the following sentences "case 2. <SKIP> If yes, my customer said there are "incomplete" and insufficient-data" logs on rule2 be allowed." I wanted to say "If yes, my customer said there are "incomplete" and insufficient-data" logs on rule1 be allowed." not rule2. I am so sorry. and I appreciate your watching patient for my question. Thanks, KC Lee ... View more

Hello, First, I want you know I don not speak English very well. I understood your mention. But I just want to know results on two cases what rule is matched. case 1. There are only two rules. rule1 ; source address any ; destination address any ; application bittorrnet ; service any ; action allow rule2 ; source address any ; destination address any ; application any          ; service any ; action deny in this case, you and I knew what packets before identified application are matched to rule1 and then PA will allow them. Packets After identified application are matched to rule2 and then PA will deny them. If session ended before identified application, PA will record as below log on traffic logs. "application incomplete or insufficient-data ; action allow , rule1" case 2. There are also only two rules rule1 ; source address any ; destination address any ; application bittorrent ; service any ; action deny rule2 ; source address any ; destination address any ; application any          ; service any ; action allow. I tested packets are matched what rule before indentified application. So I sent only syn-packet and not successful for 3-way handshake. I checked traffic logs and looked this a packet was matched to rule2 with incomplete. NOT rule1 with same "service any". Is it right? If yes, my customer said there are "incomplete" and insufficient-data" logs on rule2 be allowed. So I do not understand why it happen and I need your help. Thanks, KC Lee ... View more

Hello Steven Puluka, Thanks for your answer. I understand your detail explanation. But my customer does not want to allow any traffic on blocking rules. I had tested about it on another case. I sent a only syn packet to another destination IP else matched torrent rule IPs on traffic logs. This packet was matched allowing on "any any allow" rule, not torrent rule. So I think PA remember destination address and application and then when packets of same destination address receive, PA keep theses packets on previously matched rule by using application cache and allow it on this rule before identified application. So I expect if application cache was disable, packets before identified application will be matched "any any allow" rule. PA never allow any packet on blocking rule. Would be it right? If my thought is wrong, I hope to get your help. Thanks, KC Lee ... View more

In addition, both incomplete and insufficient-data are allowed by blocking torrent rule. ... View more