cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About Landon

Announcements

ATTENTION Customers, All Partners and Employees: The Customer Support Portal (CSP) will be undergoing maintenance and unavailable on Saturday, November 7, 2020, from 11 am to 11 pm PST. Please read our blog for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Landon
‎08-17-2020
since ‎11-05-2012
L1 Bithead
User Activity
User Profile
User Badges
Public Statistics
Date Registered ‎11-05-2012 09:33 PM
Date Last Visited ‎08-17-2020 03:24 PM
Total Messages Posted 5

Re: Block-ip action for blocking brute force ssh doesn't seem to be working

by in General Topics
‎02-08-2013 10:51 AM
‎02-08-2013 10:51 AM
Is there a changelog for 4.1.7 I could look through? I'm not finding it in the documentation section. ... View more

Re: Block-ip action for blocking brute force ssh doesn't seem to be working

by in General Topics
‎02-08-2013 10:33 AM
‎02-08-2013 10:33 AM
We're running PANOS 4.1.6 on a PA-5020 ... View more

Re: Block-ip action for blocking brute force ssh doesn't seem to be working

by in General Topics
‎02-07-2013 06:28 PM
‎02-07-2013 06:28 PM
Anyone have any ideas? Palo Alto, you there? ... View more

Re: Block-ip action for blocking brute force ssh doesn't seem to be working

by in General Topics
‎01-31-2013 08:59 AM
‎01-31-2013 08:59 AM
The security policy is configured to only allow SSH, ping and rsync connections from all destinations. The rule for vulnerabilities is to alert on all medium to critical vulnerabilities. We added an exception for the SSH Brute Force vulnerability, since we were seeing quite a few in the logs. Originally, the action on the exception was block-ip for 30 minutes, which wasn't working. We then set the action to drop, and it worked fine. Is that enough information to make it clearer? ... View more

Block-ip action for blocking brute force ssh doesn't seem to be working

by in General Topics
‎01-31-2013 08:15 AM
‎01-31-2013 08:15 AM
We've been noticing that we are getting quite a bit of brute force ssh attempts on our system, so we decided tonight to put in a rule that blocks those attempts. I took one of our existing policies that just logs everything, and added an exception that would block ssh brute forcing. Originally the action we set was block-ip, and we set it to block the ip for 30 minutes. However, when I ran a brute forcer against one of our servers, I saw all my connections coming in (about 3k) and it showed up in the monitor log as a brute force threat. Even though it classified as a threat, it doesn't seem that it blocked my ip at all. I ran the test multiple times and it kept detecting me, but not blocking me. I then switched the action to drop, and it worked great, it blocked me after about 20 attempts. Anyone know why the block-ip action wouldn't work, but drop would? Also, seems like it took about 5 minutes until I could SSH back in. That time is probably fine, but anyone know how long it's supposed to start accepting packets from an ip address once it has detected a threat? Thanks for your help. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-17-2020 03:24 PM
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2020 - Palo Alto Networks