Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- CN-Series
- VM-Series:
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
About banny6
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About banny6
a month ago
3Posts
0Likes
0Solutions
Sep 27, 2021Last Visited
User
Activity
User
Profile
Latest posts by banny6
| Subject | Views | Posted |
|---|---|---|
| 175 | a month ago | |
| 189 | a month ago | |
| 351 | 09-26-2021 03:07 AM |
User Badges
Community Statistics
| Member Since | 09-26-2021 02:54 AM |
| Date Last Visited | a month ago |
| Posts | 3 |
a month ago
There are two DNS netstat UDP session always existed there. udp 0 0 192.168.1.250:49978 terror.inconifre:domain ESTABLISHED udp 0 0 192.168.1.250:38490 hosted-by.leasew:domain ESTABLISHED 192.168.1.250 is my PA-3020 interface IP address, from web GUI, if reset this DNS session, it will spawn new DNS session automatically. but I never configure that two DNS server. not sure which process launch this rogue DNS session.
... View more
a month ago
Thanks. Here are the process info. I found PA-3020 box sent DNS traffic to two rogue DNS servers which I didn't configure them at all. the rogue DNS traffic just less than 1M size. in the traffic session, even I clear it. this DNS session will re-connection again. > show system resources | match syslog 1584 20 0 1888 640 528 S 0.0 0.0 1:24.62 syslogd 3282 20 0 16156 1308 472 S 0.0 0.0 0:00.00 syslog-ng 3283 20 0 16556 2988 1716 S 0.0 0.1 0:02.59 syslog-ng > show system resources | match nginx 2410 20 0 38040 5984 4604 S 0.0 0.2 0:00.03 nginx 2797 nobody 20 0 53388 5760 3348 S 0.0 0.1 8:42.71 nginx > show system resources | match app 1774 0 -20 48836 13m 4052 S 0.0 0.4 82:14.46 masterd_apps 6800 nobody 20 0 155m 50m 9080 S 0.0 1.3 78:49.51 appweb3 6804 nobody 20 0 107m 12m 6440 S 0.0 0.3 2:31.24 appweb3 6811 nobody 20 0 104m 10m 6656 S 0.0 0.3 2:25.38 appweb3 > show system resources | match packet 3861 20 0 12468 4920 3016 S 0.0 0.1 66:10.54 packet_path_pin
... View more
09-26-2021
03:07 AM
I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address. when I running show system resources command. I found strange process nginx and two syslog-ng there. Is it normal, how to get rid of them ? 2797 nobody 20 0 53388 5712 3344 S 0.0 0.1 8:19.70 nginx 6804 nobody 20 0 107m 12m 6472 S 0.0 0.3 2:11.43 appweb3 6811 nobody 20 0 104m 10m 6704 S 0.0 0.3 2:06.39 appweb3 3282 20 0 16156 1308 472 S 0.0 0.0 0:00.00 syslog-ng 3283 20 0 16556 2988 1716 S 0.0 0.1 0:02.53 syslog-ng 3861 20 0 12468 4920 3016 S 0.0 0.1 64:36.48 packet_path_pin 6804 nobody 20 0 107m 12m 6472 S 0.0 0.3 2:11.43 appweb3 6811 nobody 20 0 104m 10m 6704 S 0.0 0.3 2:06.39 appweb3
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
a month ago
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2021 - Palo Alto Networks
