This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Help

Who rated this post

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Thomas_Eichelbu
Advisor
Advisor
Tuesday
In response to the_rock

Hello, 

well yes:
the thing is ... both Updateable Objects contain both subnets ... based on my policy it sometimes matches the subnet on "Microsoft Teams Worldwide" then on "GitHub Services"


[Expert@XXXXXXXXXXXX:0:ACTIVE]# dynamic_objects -uo "GitHub Services" | grep 52.113
range 1037 : 52.113.9.0 52.113.9.255
range 1038 : 52.113.12.0 52.113.12.255
range 1039 : 52.113.16.0 52.113.31.255
range 1040 : 52.113.37.0 52.113.63.255
range 1041 : 52.113.69.0 52.113.69.255
range 1042 : 52.113.83.0 52.113.83.255
range 1043 : 52.113.85.0 52.113.86.255
range 1044 : 52.113.112.0 52.113.127.255
range 1045 : 52.113.129.0 52.113.130.255
range 1046 : 52.113.135.0 52.113.151.255
range 1047 : 52.113.160.0 52.113.191.255
range 1048 : 52.113.198.0 52.113.199.255
range 1049 : 52.113.205.0 52.113.206.255
range 1050 : 52.113.208.0 52.113.223.255

[Expert@XXXXXXXXXXXX:0:ACTIVE]# dynamic_objects -uo "Microsoft Teams Worldwide" | grep 52.1
range 0 : 52.112.0.0 52.115.255.255
range 1 : 52.122.0.0 52.123.255.255

when it matches on Github it results in a drop ... because the existing Github Rule does not contain the services used for MS Teams and the packet matches again on the CleanUP rule ... sure i could move around some rules ... but i consider this as a flaw .. 

(1)
Who rated this post