MS-RPC: Evasion Technique (8a)

This anomaly triggers when it detects packets containing known evasion techniques that affect the SMB, DCE, RPC, and MS RPC protocols. Such packets are not normally seen in traffic and indicate attempts to evade network defense systems by sending invalid, out-of-order, or heavily fragmented communications. Use this anomaly only at WAN borders to reduce the likelihood of false positives.

Short Name
MS-RPC:EVASION:BUFFERED-REQ
Severity
Major
Recommended
False
Recommended Action
Drop
Category
MS-RPC
Keywords
CVE-2008-4038 CVE-2008-4834 CVE-2009-1930 CVE-2010-0020 CVE-2011-1961 CVE-2015-2369 CVE-2016-0148 CVE-2017-8464 WRITE&REQUEST bid:35993 buffer evasion msrpc request
Release Date
08/24/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3700
False Positive
Frequently
CVSS Score
9.0
10.0
