https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18379#M3306 <HTML><HEAD></HEAD><BODY><P>TAC was unable to adequately solve the problem.&nbsp; &nbsp;Instead workarounds had to be put in place, some in my opinion to broad in nature.</P></BODY></HTML> Fri, 27 Jul 2018 16:07:41 GMT Daniel_Morin 2018-07-27T16:07:41Z https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18377#M3304 <HTML><HEAD></HEAD><BODY><P>We just recently received complaints that in the last 2 weeks streaming Pandora audio on our guest network intermittently freezes.&nbsp; &nbsp;Restarting the Pandora session fixes the problem</P><P></P><P>Our guest WiFi network has a separate VLAN and internet connection than all of our other traffic.</P><P>We have a rule in our Application policy to block access to malicious sites originating from our guest VLANs, based on the Checkpoint pre-defined application category.</P><P>What we found in our logs was that intermittently Pandora traffic is 'redirected', being associated with the Phishing category.&nbsp; Most of such entries are flagging URL similar to&nbsp;<A class="link-titled" href="http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg" title="http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg">http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg</A>&nbsp;as phishing, where&nbsp;<A href="http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg" style="color: #2989c5; text-decoration: underline;" title="http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg">cont-4.p-cdn.us</A>&nbsp;resolves to 208.85.44.21, which has PTR of&nbsp;mediaserver-cont-dc6-1-v4.pandora.com so it is one of Pandora's IPs.</P><P></P><P>Checkpoint Support has had us add a rule above the Guest - Block Malicious Sites to specifically allow traffic classified as Pandora, but still we see redirects I just described.&nbsp; We haven't received any further complaints though since having added the rule Support had suggested but these redirect entries associated with Pandora IPs I still see in the Block rule troubles me.</P><P>Looking further at the logs, I'm seeing log entries associated with the Block rule within 2 hours after having added the Allow Pandora rule where the log entry shows the category as Pandora, usrcheck message claiming access to&nbsp;b.scorecardresearch.com is blocked by our security policy.&nbsp; &nbsp;Since&nbsp;b.scorecardresearch.com resolves to 96.16.98.73, why was it associated with Pandora traffic destined to&nbsp;mediaserver-ch1-t3-2-v4.pandora.com (208.85.44.28)?</P><P></P><P>Is anyone else seeing Pandora traffic affected as potentially malicious Phishing traffic?</P></BODY></HTML> Thu, 26 Apr 2018 13:52:34 GMT https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18377#M3304 Daniel_Morin 2018-04-26T13:52:34Z https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18378#M3305 <HTML><HEAD></HEAD><BODY><P>It's possible we may need to see some traffic captures of the relevant traffic to understand what's going on.</P><P>They can be provided through your TAC case.</P></BODY></HTML> Thu, 26 Apr 2018 16:31:24 GMT https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18378#M3305 PhoneBoy 2018-04-26T16:31:24Z https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18379#M3306 <HTML><HEAD></HEAD><BODY><P>TAC was unable to adequately solve the problem.&nbsp; &nbsp;Instead workarounds had to be put in place, some in my opinion to broad in nature.</P></BODY></HTML> Fri, 27 Jul 2018 16:07:41 GMT https://community.checkpoint.com/t5/General-Topics/Pandora-Streaming-Traffic-intermittently-redirected-as-Malicous/m-p/18379#M3306 Daniel_Morin 2018-07-27T16:07:41Z