This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About banny6
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About banny6
09-27-2021
3Posts
0Likes
0Solutions
Sep 27, 2021Last Visited
User
Activity
User
Profile
Latest posts by banny6
| Subject | Views | Posted |
|---|---|---|
| 1531 | 09-27-2021 02:36 PM | |
| 1606 | 09-27-2021 01:52 PM | |
| 1773 | 09-26-2021 03:07 AM |
User Badges
Community Statistics
| Member Since | 09-26-2021 02:54 AM |
| Date Last Visited | 09-27-2021 06:00 PM |
| Posts | 3 |
09-27-2021
02:36 PM
There are two DNS netstat UDP session always existed there. udp 0 0 192.168.1.250:49978 terror.inconifre:domain ESTABLISHED udp 0 0 192.168.1.250:38490 hosted-by.leasew:domain ESTABLISHED 192.168.1.250 is my PA-3020 interface IP address, from web GUI, if reset this DNS session, it will spawn new DNS session automatically. but I never configure that two DNS server. not sure which process launch this rogue DNS session.
... View more
09-27-2021
01:52 PM
Thanks. Here are the process info. I found PA-3020 box sent DNS traffic to two rogue DNS servers which I didn't configure them at all. the rogue DNS traffic just less than 1M size. in the traffic session, even I clear it. this DNS session will re-connection again. > show system resources | match syslog 1584 20 0 1888 640 528 S 0.0 0.0 1:24.62 syslogd 3282 20 0 16156 1308 472 S 0.0 0.0 0:00.00 syslog-ng 3283 20 0 16556 2988 1716 S 0.0 0.1 0:02.59 syslog-ng > show system resources | match nginx 2410 20 0 38040 5984 4604 S 0.0 0.2 0:00.03 nginx 2797 nobody 20 0 53388 5760 3348 S 0.0 0.1 8:42.71 nginx > show system resources | match app 1774 0 -20 48836 13m 4052 S 0.0 0.4 82:14.46 masterd_apps 6800 nobody 20 0 155m 50m 9080 S 0.0 1.3 78:49.51 appweb3 6804 nobody 20 0 107m 12m 6440 S 0.0 0.3 2:31.24 appweb3 6811 nobody 20 0 104m 10m 6656 S 0.0 0.3 2:25.38 appweb3 > show system resources | match packet 3861 20 0 12468 4920 3016 S 0.0 0.1 66:10.54 packet_path_pin
... View more
09-26-2021
03:07 AM
I have a PA3020 with 7.0.5-h2 PAN-os version. I noticed that it have a lot of DNS traffic sent to strange IP address. when I running show system resources command. I found strange process nginx and two syslog-ng there. Is it normal, how to get rid of them ? 2797 nobody 20 0 53388 5712 3344 S 0.0 0.1 8:19.70 nginx 6804 nobody 20 0 107m 12m 6472 S 0.0 0.3 2:11.43 appweb3 6811 nobody 20 0 104m 10m 6704 S 0.0 0.3 2:06.39 appweb3 3282 20 0 16156 1308 472 S 0.0 0.0 0:00.00 syslog-ng 3283 20 0 16556 2988 1716 S 0.0 0.1 0:02.53 syslog-ng 3861 20 0 12468 4920 3016 S 0.0 0.1 64:36.48 packet_path_pin 6804 nobody 20 0 107m 12m 6472 S 0.0 0.3 2:11.43 appweb3 6811 nobody 20 0 104m 10m 6704 S 0.0 0.3 2:06.39 appweb3
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-27-2021
06:00 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks