LIVEcommunity - About Yang_Chen

Yang_Chen · ‎02-08-2019

Thanks. I have opened a ticked.

Yang_Chen · ‎02-07-2019

hostname: Super ip-address: 10.10.10.10 netmask: 255.255.255.0 default-gateway: 10.10.10.60 ip-assignment: static ipv6-address: unknown ipv6-link-local-address: fe80::290:fbff:fe55:3d49/64 ipv6-default-gateway: mac-address: 00:90:fb:55:3d:49 time: Thu Feb 7 15:06:53 2019 uptime: 168 days, 17:23:57 family: 7000 model: PA-7050 serial: 010108001018 sw-version: 8.0.12 global-protect-client-package-version: 0.0.0 app-version: 8120-5288 app-release-date: 2019/02/05 17:31:22 av-version: 2882-3392 av-release-date: 2019/02/07 04:04:58 threat-version: 8120-5288 threat-release-date: 2019/02/05 17:31:22 wf-private-version: 0 wf-private-release-date: unknown url-db: paloaltonetworks wildfire-version: 109647-110819 wildfire-release-date: 2017/01/27 15:27:41 url-filtering-version: 20190207.20242 global-protect-datafile-version: unknown global-protect-datafile-release-date: unknown global-protect-clientless-vpn-version: 0 global-protect-clientless-vpn-release-date: unknown logdb-version: 8.0.16 platform-family: 7000 vpn-disable-mode: off multi-vsys: on operational-mode: normal

Yang_Chen · ‎02-07-2019

Here's the screenshot.

Yang_Chen · ‎02-07-2019

Our firewall detected a spyware " C2-Bitsight-Prirrit" with threat id 15006. But I can't find any information about this spyware on Palo Alto's support site. The id seems non-exist. Could it be a mistake?

Yang_Chen · ‎10-24-2018

Hi there, My clients have two sites rufs.ca and battleonbay.ca which have been designated as malicious. They have investigated and determined that it was caused by a theme they downloaded with maliciuos code. They have modified the original theme to remove the malicious contents. Could you please remove the sites from the malicious site list? Thanks, Yang

Yang_Chen · ‎06-01-2017

We've set up DNS sinkhole and it works as expected. We're able to find out which IP addresses tried to access malious sites. However, we won't be able to see the URLs these IPs were trying to access. We're thinking of building a honeypot (or maybe something else) to accept access requests from these IPs and set the sinkhole IP addrss to this machine. That way we will be able to record the URLs these IPs try to access. Does anyone know what software we can use to acheive this goal? All we need is to finish three-way handshake and record the URL requested.

Yang_Chen · ‎09-23-2013

We have a cluster of two PA-5060 running in active-passive mode. Two 10G interfaces are configured as an aggregated interface. They are connected to two Avaya 8600 switches which are running SMLT. Whenever a failover happens, the aggregated interface fails. We have to unplug and re-plug in the cable to make the interface start working again. Shutting down the interfaces and re-activating them doesn't help. Anyone has similar experience?

Member Since	‎05-09-2013 06:35 AM
Date Last Visited	‎03-26-2021 09:53 AM
Posts	7

Online Status	Offline
Date Last Visited	‎03-26-2021 09:53 AM

Re: unknown threat name

Re: unknown threat name

Re: unknown threat name

unknown threat name

Request to remove sites from threat category

Re: unknown threat name

Re: unknown threat name

Re: unknown threat name

unknown threat name

Request to remove sites from threat category

DNS Sinkhole and Honeypot to Record URLs accessed

Having trouble with link aggregation using 10G ports

Network Security

Cloud Security

Security Operations