EDL 无效的 ips:“<FF><FE>1”
12795
Created On 10/26/21 23:10 PM - Last Modified 03/02/23 02:32 AM
Symptom
无效的 ips:“<FF ><FE >1" 运行时EDL显示命令以列出IP地址来自EDL目的
> request system external-list show type ip name "EDL TEST Block List"
EDL TEST Block List
Total valid entries : 0
Total ignored entries : 0
Total invalid entries : 7528
Total displayed entries : 100
Invalid ips:
<FF><FE>1Environment
- PANOS 9.0.x
- PANOS 9.1.x
- 帕洛阿尔托 5220 Firewall
Cause
- 格式错误EDL列出托管在远程服务器中的文件
- 多个空格、注释中的特殊字符、错误的编码格式
Original EDL File
1.1.1.1/32 # Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
2.2.2.2/32 # Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
3.3.3.3/32 # Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
4.4.4.4/32 # SecureWorks. Smallshell ASP Webshell Upload Detection (webshell)
5.5.5.5/32 # SecureWorks. Spyware: APIKey Backdoor Traffic Detection
6.6.6.6/32 # SecureWorks Spyware: Smallshell ASP Webshell Upload Detection
7.7.7.7/32 # SecureWorks Spyware: Smallshell ASP Webshell Upload Detection
Resolution
- 消除多个空间。
- 避免在评论中使用特殊字符。
- 使用任何一个ASCII或者UTF-8格式。
1.1.1.1/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
2.2.2.2/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
3.3.3.3/32 #Palo Logs MVPower DVR TV Shell Unauthenticated Command Execution Vulnerability
4.4.4.4/32 #SecureWorks Smallshell ASP Webshell Upload Detection webshell
5.5.5.5/32 #SecureWorks Spyware APIKey Backdoor Traffic Detection
6.6.6.6/32 #SecureWorks Spyware Smallshell ASP Webshell Upload Detection
7.7.7.7/32 #SecureWorks Spyware Smallshell ASP Webshell Upload Detection
- 刷新列表。
> request system external-list refresh type ip name "EDL TEST Block List"
- 核实这EDL列表
> request system external-list show type ip name "EDL TEST Block List"
审查我们的外部动态列表的格式指南