This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Landon
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Landon
07-26-2021
5Posts
0Likes
0Solutions
Jul 26, 2021Last Visited
User
Activity
User
Profile
Latest posts by Landon
| Subject | Views | Posted |
|---|---|---|
| 3215 | 02-08-2013 10:51 AM | |
| 3215 | 02-08-2013 10:33 AM | |
| 3258 | 02-07-2013 06:28 PM | |
| 3258 | 01-31-2013 08:59 AM | |
| 3464 | 01-31-2013 08:15 AM |
User Badges
Community Statistics
| Member Since | 11-05-2012 09:33 PM |
| Date Last Visited | 07-26-2021 12:46 PM |
| Posts | 5 |
02-08-2013
10:51 AM
Is there a changelog for 4.1.7 I could look through? I'm not finding it in the documentation section.
... View more
02-08-2013
10:33 AM
We're running PANOS 4.1.6 on a PA-5020
... View more
02-07-2013
06:28 PM
Anyone have any ideas? Palo Alto, you there?
... View more
01-31-2013
08:59 AM
The security policy is configured to only allow SSH, ping and rsync connections from all destinations. The rule for vulnerabilities is to alert on all medium to critical vulnerabilities. We added an exception for the SSH Brute Force vulnerability, since we were seeing quite a few in the logs. Originally, the action on the exception was block-ip for 30 minutes, which wasn't working. We then set the action to drop, and it worked fine. Is that enough information to make it clearer?
... View more
01-31-2013
08:15 AM
We've been noticing that we are getting quite a bit of brute force ssh attempts on our system, so we decided tonight to put in a rule that blocks those attempts. I took one of our existing policies that just logs everything, and added an exception that would block ssh brute forcing. Originally the action we set was block-ip, and we set it to block the ip for 30 minutes. However, when I ran a brute forcer against one of our servers, I saw all my connections coming in (about 3k) and it showed up in the monitor log as a brute force threat. Even though it classified as a threat, it doesn't seem that it blocked my ip at all. I ran the test multiple times and it kept detecting me, but not blocking me. I then switched the action to drop, and it worked great, it blocked me after about 20 attempts. Anyone know why the block-ip action wouldn't work, but drop would? Also, seems like it took about 5 minutes until I could SSH back in. That time is probably fine, but anyone know how long it's supposed to start accepting packets from an ip address once it has detected a threat? Thanks for your help.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
07-26-2021
12:46 PM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks