cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

About seanmccoy

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
seanmccoy
‎08-31-2020
since ‎06-14-2017
L2 Linker
User Activity
User Profile
Latest posts by seanmccoy
View All
User Badges
Public Statistics
Date Registered ‎06-14-2017 08:57 AM
Date Last Visited ‎08-31-2020 12:01 PM
Total Messages Posted 15

Re: MS Updates blocked

by in General Topics
‎08-02-2019 11:00 AM
‎08-02-2019 11:00 AM
I'd be curious to hear what they recommend. ... View more

Re: Open port

by in General Topics
‎03-28-2019 01:09 PM
‎03-28-2019 01:09 PM
i actually need to open port 6965 to ATM machine at a yet to be determined IP address. I need to find out from the vendor what app is actually talking (if there is one). ... View more

Re: URL Filtering

by in General Topics
‎11-21-2018 01:20 AM
2 Kudos
‎11-21-2018 01:20 AM
2 Kudos
URL filtering happens at layer7 whereas traffic log is typically layer3 type of stuff, so it is perfectly possible to allow a tcp session in traffc logs and then block the url due to url filtering profile. The zebbrowsing session is blocked because the website category is bad, but the tcp communication underneath happens normally (hence an allow in traffic log)   It is best practice to build a policy based around User-ID as this will allow your users to all occupy the same IP space without you needing to set reservations to make sure certain people get specific access (and the potential of someone else figuring out the IP and hijacking it to get privileges) ... View more

Re: Configuring DNS sink hole on PA 3050 running PAN-OS 7.1.18

by Cyber Elite in General Topics
‎11-19-2018 10:26 AM
‎11-19-2018 10:26 AM
@seanmccoy, So I'm just guessing on your setup here, but I would expect with what you're seeing the domain controllers are also acting as your DNS servers? If that's the case, it simply means that one of the clients on your network is making DNS requests that match the published DNS Signatures, likely because the requested hostname is malicious in nature.  Unless you have a way to see the actual host -> DNS traffic, or you are loggign the DNS requests on the server, you really won't get a huge amount of actionable data. As of this moment the only thing you know for sure is that someone in your network is causing the DNS servers to make malicious DNS requests; without additional logs that isn't extremely helpful for you.  ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎08-31-2020 12:01 PM
Latest Tags
No tags yet
Latest Blogs
Latest Posts
Privacy Policy Terms of Use
Copyright 2007 - 2021 - Palo Alto Networks