CUI
V-228843

Palo Alto Networks ALG Security Technical Implementation Guide

CAT II

Title

The Palo Alto Networks security platform must block phone home traffic.

Description

A variety of Distributed Denial of Service (DDoS) attacks and other attacks use "botnets" as an attack vector. A botnet is a collection of software agents (referred to as "bots") residing on compromised computers. Attacks are orchestrated by a "bot herder", who commands these agents to launch attacks. Part of the command and control communication between the controller and the bots is a message sent from a bot that informs the controller that it is operating. This is referred to as ...

Fix Text (Documentation Requirement)

Go to Objects >> Security Profiles >> Anti-Spyware. Select the name of a configured Anti-Spyware Profile, or select "Add" to create a new one. In the "Anti-Spyware Profile" window, on the "DNS Signatures" tab, in the "Action on DNS queries" field, select "block" or "sinkhole". If "sinkhole" is selected, complete the "Sinkhole IPv4" and "Sinkhole IPv6" fields. Note: If DNS sinkholing is used, the device and network must be configured to support it. If this is a new Anti-Spyware Profile, complete the required fields in all tabs. Select "OK". Use the Anti-Spyware Profile in a Security Policy: edit the Security Policy Rule that allows traffic from client hosts in the trust zone to the untrust zone to include the sinkhole zone as a destination and attach the Anti-Spyware Profile. Select or co...
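As an added example (not part of the STIG and not Palo Alto Networks code), the following script audits an exported PAN-OS XML configuration for the DNS-signature setting described above: every Anti-Spyware Profile must have its DNS query action set to "block" or "sinkhole", and sinkhole profiles must carry IPv4 and IPv6 sinkhole addresses. The XML layout (profiles/spyware/entry/botnet-domains) is assumed from the PAN-OS export format, and the embedded configuration and addresses are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a PAN-OS running-config export.
# Assumption: real exports place Anti-Spyware profiles under
# .../vsys/entry/profiles/spyware/entry; adjust the XPath if your version differs.
SAMPLE_CONFIG = """<config><devices><entry name="localhost.localdomain">
<vsys><entry name="vsys1"><profiles><spyware>
  <entry name="dns-sinkhole">
    <botnet-domains>
      <lists><entry name="default-paloalto-dns"><action><sinkhole/></action></entry></lists>
      <sinkhole><ipv4-address>192.0.2.1</ipv4-address>
               <ipv6-address>2001:db8::1</ipv6-address></sinkhole>
    </botnet-domains>
  </entry>
  <entry name="alert-only">
    <botnet-domains>
      <lists><entry name="default-paloalto-dns"><action><alert/></action></entry></lists>
    </botnet-domains>
  </entry>
  <entry name="sinkhole-no-addr">
    <botnet-domains>
      <lists><entry name="default-paloalto-dns"><action><sinkhole/></action></entry></lists>
    </botnet-domains>
  </entry>
</spyware></profiles></entry></vsys></entry></devices></config>"""

COMPLIANT_ACTIONS = {"block", "sinkhole"}


def audit_dns_actions(config_xml: str) -> dict:
    """Map each Anti-Spyware profile name to 'ok' or a finding string."""
    root = ET.fromstring(config_xml)
    results = {}
    for prof in root.iterfind(".//profiles/spyware/entry"):
        name = prof.get("name")
        bd = prof.find("botnet-domains")
        # The action is encoded as a child element name: <sinkhole/>, <block/>, <alert/>, ...
        action_el = bd.find("lists/entry/action") if bd is not None else None
        action = action_el[0].tag if action_el is not None and len(action_el) else None
        if action not in COMPLIANT_ACTIONS:
            results[name] = f"DNS query action is {action or 'unset'}; must be block or sinkhole"
        elif action == "sinkhole":
            v4 = bd.findtext("sinkhole/ipv4-address")
            v6 = bd.findtext("sinkhole/ipv6-address")
            results[name] = "ok" if v4 and v6 else "sinkhole selected but Sinkhole IPv4/IPv6 address missing"
        else:
            results[name] = "ok"
    return results


if __name__ == "__main__":
    for profile, finding in audit_dns_actions(SAMPLE_CONFIG).items():
        print(f"{profile}: {finding}")
```

Run it against `show config running` output saved as XML; any profile not reported as "ok" is an open finding for this check.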
