EDL IP no válidas: &quot;<FF><FE>1&quot;

EDL IP no válidas: &quot;<FF><FE>1&quot;

12769
Created On 10/26/21 23:10 PM - Last Modified 03/02/23 02:32 AM


Symptom


IP no válidas: "<FF><FE>1" al ejecutar EDL el comando show para enumerar IP direcciones de un EDL objeto
> request system external-list show type ip name "EDL TEST Block List"

EDL TEST Block List
Total valid entries : 0
Total ignored entries : 0
Total invalid entries : 7528
Total displayed entries : 100
Invalid ips:
<FF><FE>1

 

Environment


  • PANOS 9.0.x
  • PANOS 9.1.x
  • Palo Alto 5220 Firewall

Cause


  • Error de formato en el archivo de lista alojado en el EDL servidor remoto
  • Múltiples espacios, caracteres especiales en los comentarios, formato de codificación incorrecto
Original EDL File

1.1.1.1/32    #    Palo Logs    MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability   
2.2.2.2/32    #    Palo Logs    MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability     
3.3.3.3/32    #    Palo Logs    MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability       
4.4.4.4/32    #    SecureWorks.    Smallshell ASP Webshell Upload Detection (webshell)   
5.5.5.5/32    #    SecureWorks.    Spyware: APIKey Backdoor Traffic Detection   
6.6.6.6/32    #    SecureWorks    Spyware: Smallshell ASP Webshell Upload Detection   
7.7.7.7/32    #    SecureWorks    Spyware: Smallshell ASP Webshell Upload Detection 
 


Resolution


  1. Eliminar varios espacios.
  2. Evite usar caracteres especiales en los comentarios.
  3. Utilice cualquiera de los dos ASCII formatos UTF-8 .
Ejemplo
1.1.1.1/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
2.2.2.2/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability     
3.3.3.3/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability       
4.4.4.4/32 #SecureWorks Smallshell ASP Webshell Upload Detection webshell    
5.5.5.5/32 #SecureWorks Spyware APIKey Backdoor Traffic Detection
6.6.6.6/32 #SecureWorks Spyware Smallshell ASP Webshell Upload Detection     
7.7.7.7/32 #SecureWorks Spyware Smallshell ASP Webshell Upload Detection   
 
  1. Actualizar lista.
> request system external-list refresh type ip name "EDL TEST Block List"
  1. Verificar la EDL lista
> request system external-list show type ip name "EDL TEST Block List"

Revise nuestras Directrices de formato para una lista dinámica externa


 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004M7ICAU&lang=es%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language