NTP traffic is misidentified as BitTorrent

NTP traffic is misidentified as BitTorrent

408
Created On 07/11/22 22:49 PM - Last Modified 11/07/25 21:02 PM


Symptom


  • Legitimate ntp traffic is misidentified as bittorrent

Environment


  • PAN-OS Firewall

Cause


  1. bittorrent traffic using destination port 123 installs predict sessions in the firewall.
  2. Later on, legitimate NTP traffic attempts to traverse the firewall.
  3. The legitimate NTP traffic matches the pre-existing bittorrent predict session.
  4. The ntp traffic is misidentified as bittorrent.

Resolution


The issue has been resolved in Content version 8586-7445.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000wkvOCAQ&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail