Daniel_Morin
Participant

Pandora Streaming Traffic intermittently 'redirected' as Malicious

We just recently received complaints that in the last 2 weeks streaming Pandora audio on our guest network intermittently freezes. Restarting the Pandora session fixes the problem.

Our guest WiFi network has a separate VLAN and internet connection from all of our other traffic.

We have a rule in our Application policy to block access to malicious sites originating from our guest VLANs, based on the Checkpoint pre-defined application category.

What we found in our logs was that intermittently Pandora traffic is 'redirected', being associated with the Phishing category. Most such entries are flagging URLs similar to http://cont-4.p-cdn.us/images/public/amz/8/4/2/7/800027248_500W_500H.jpg as phishing, where cont-4.p-cdn.us resolves to 208.85.44.21, which has a PTR of mediaserver-cont-dc6-1-v4.pandora.com, so it is one of Pandora's IPs.

Checkpoint Support has had us add a rule above the Guest - Block Malicious Sites rule to specifically allow traffic classified as Pandora, but we still see the redirects I just described. We haven't received any further complaints since adding the rule Support had suggested, but these redirect entries associated with Pandora IPs that I still see in the Block rule trouble me.

Looking further at the logs, I'm seeing log entries associated with the Block rule within 2 hours after having added the Allow Pandora rule, where the log entry shows the category as Pandora, with the usrcheck message claiming access to b.scorecardresearch.com is blocked by our security policy. Since b.scorecardresearch.com resolves to 96.16.98.73, why was it associated with Pandora traffic destined to mediaserver-ch1-t3-2-v4.pandora.com (208.85.44.28)?

Is anyone else seeing Pandora traffic affected as potentially malicious Phishing traffic?

2 Replies
PhoneBoy
Admin

It's possible we may need to see some traffic captures of the relevant traffic to understand what's going on.

They can be provided through your TAC case.

0 Kudos
Daniel_Morin
Participant

TAC was unable to adequately solve the problem. Instead, workarounds had to be put in place, some in my opinion too broad in nature.

0 Kudos
