Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 MS-RPC:EVASION:BUFFERED-REQ

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 MS-RPC

Keywords

 msrpc evasion buffer request WRITE&REQUEST

Release Date

 2010/08/23

Update Number

 1758

Supported Platforms

 idp-4.1.110110609+, isg-3.4.139899+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

MS-RPC: Evasion Technique (8a)


This anomaly triggers when it detects packets containing known evasion techniques that affect the SMB, DCE, RPC, and MS RPC protocols. These packets are normally not seen in traffic and indicate attempts to evade network defense systems by sending invalid, out of order, or heavily fragmented communications. Use this anomaly only at WAN borders to reduce false positive possibilities.

References

  • CVE: CVE-2008-4038
  • CVE: CVE-2008-4834
  • CVE: CVE-2010-0020
  • URL: https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/dos/windows/smb/rras_vls_null_deref.rb

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out