This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Quinton
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Quinton
09-12-2016
66Posts
17Likes
2Solutions
Sep 12, 2016Last Visited
User
Activity
User
Profile
Latest posts by Quinton
| Subject | Views | Posted |
|---|---|---|
| 4423 | 02-12-2015 02:49 AM | |
| 4423 | 02-05-2015 08:06 AM | |
| 3740 | 08-04-2014 09:48 AM | |
| 3792 | 08-04-2014 05:00 AM | |
| 3792 | 08-04-2014 03:11 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 10-01-2012 01:29 PM | |
| 1 Like | 03-13-2013 12:39 PM | |
| 1 Like | 06-19-2013 12:26 PM | |
| 1 Like | 09-12-2012 11:44 AM | |
| 1 Like | 09-15-2012 11:24 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 Likes | |||
| 3 Likes | |||
| 2 Likes | |||
| 4 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 04-16-2012 02:33 AM |
| Date Last Visited | 09-12-2016 02:13 AM |
| Posts | 66 |
| Total Likes Received | 17 |
02-12-2015
02:49 AM
Wireless is no problem. Are these devices part of the Windows domain?
... View more
02-05-2015
08:06 AM
Sounds like the user is caching out. Nothing to do with the application. I'm assuming these computers are part of the domain since you do pick up the user initially through the user-ID agent. Did you enable "Server session monitoring" in the userID agent? Also is WMI probing enabled and working? Both these mechanisms will help keep the user to IP mappings fresh.
... View more
08-04-2014
09:48 AM
I've tried creating a custom app as well. It seems like the built-in app-ID protocol decoders identify the application first and then skips my custom application all together. I guess the sequence of matching applications is first the pre-defined application database, then unknown apps are matched against any custom defined applications. App override works but that opens a huge whole in firewall by disabling DPI on the port range specified.
... View more
08-04-2014
05:00 AM
If I'm not mistaken, technically a custom vulnerability signature should work regardless of source and/or destination ports. Key variable here is source IP which is constant (customer). Basically a security rule is created with the application specified as "bittorrent". The packets are handed over for content checking (vulnerability profile) once the rule matches a bittorrent session. So the custom vulnerability signature only checks the packets for the pattern specified in the custom vulnerability signature. It does not look at ports at all in the signature. So the action of the custom vulnerability filter (combination) is based on how many times the pattern was seen in x amount of time. The missing ingredient is access to the p2p context in the pattern match criteria in the PAN Web interface.
... View more
08-04-2014
03:11 AM
Thanks Phil. What about only allowing bittorrent on a set amount of ports (<customer src ip>:[50000-55000]) and then do DOS on that? Kinda forces the torrent clients into a manageable "space"? QoS will work to a certain extent. You can still hit extremely high session counts on very little bandwidth. For example I can saturate the session table on a PA3020 with a 100 x 1Mbps customers all running bittorrent. Even if you QoS it down to 50Mbps or less on the PAN. QoS will drop individual packets in a session, but the sessions will stay open which is the problem. I'll check into caching out the bittorrent sessions quicker. Very seldom that a session idles in bittorrent. Caching out the sessions earlier might increase the TCP chatter of the bittorrent protocol trying to reestablish closed sessions.
... View more
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks