About dill

MS14-066 is *not* addressed in PAN Threat Release Version 469.  Although it is an emergency release, new filters are added for MS14-064 + MS14-065.  MS14-066 is still nowhere to be found.  Any idea when is this expected? FYI - for folks that are also TippingPoint customers, t his is covered in Digital Vaccine #DV8633, released on November 11, 2014. -Matt -- ********************************************************* This DV includes coverage for the Microsoft Security Bulletins released on November 11, 2014. The following table maps TippingPoint filters to the Microsoft Bulletins. Bulletin #          TippingPoint Filter # ********************************************************* MS14-065            16492*,16552*,16556*,16559*,16561*,16857*,16944*,16954,16955,16956*,16957,16960,16968 MS14-064            16926,16946 MS14-066            16961 MS14-069            16945,16950,16953 16961: DTLS: Microsoft SChannel Cookie Length Buffer Overflow Vulnerability     Category: Vulnerabilities     CVE: 2014-6321,     Description:                 This filter detects an attempt to exploit a buffer overflow      vulnerability in Microsoft Secure Channel (SChannel) security      package.     Use of RECOMMEND action as category setting will cause this filter to be:      Disabled in default deployments.      Enabled with the "block+notify" action set in aggressive deployments.      Enabled with the "block+notify" action set in hyper-aggressive deployments. 16961: DTLS: Microsoft SChannel Cookie Length Buffer Overflow Vulnerability     Category: Vulnerabilities     CVE: 2014-6321,     Description:                 This filter detects an attempt to exploit a buffer overflow      vulnerability in Microsoft Secure Channel (SChannel) security      package.     Use of RECOMMEND action as category setting will cause this filter to be:      Disabled in default deployments.      Enabled with the "block+notify" action set in aggressive deployments.      Enabled with the "block+notify" action set in hyper-aggressive deployments. ... View more

Arp load sharing only provides load sharing within the connected layer 2 domain.  Think carefully about what benefits you expect to achieve in this scenario – benefits of each HA interface type.  If you are uncertain – choose floating. Are you also performing dynamic routing?  If so, is route table sync disabled?  Again, please think carefully about this scenario as it relates to the tunnels and HA connectivity. Since you are running active–active, I assume that you have specific failure scenarios in mind.  Be sure that the VPN service configuration will meet these same requirements. Since you are only starting to setup the cluster, understand that active-active can be much more complex than active-passive.  Advice: choose the simplest cluster method that will achieve your requirements. ... View more

Application & Threat update 394-1961 was released last night. It contained signature 36128 for CVE-2013-3893 (Microsoft Internet Explorer Use After Free Vulnerability). All set.  Thanks. ... View more

TippingPoint IPS can do this using custom reputation entries.  Identify the attackers by Wordpress Admin login attempts (TP filter 12373) exceeding whatever threshold you set, use the sms responder to quarantine and add the offender to a custom reputation list (actions effective across all IPS enterprise wide). As far as I recall, the N and NX series have no practical upper limit in IPv4.  (old E series, was capped at 10k) ... View more

I second this feature request: zone groups. ... View more