MS-RPC: Evasion Technique (4a)

This anomaly triggers when it detects packets containing known evasion techniques that affect the SMB, DCE RPC, and MS RPC protocols. These packets should not be seen in normal traffic and indicate attempts to evade network defense systems by sending invalid, out of order, or heavily fragmented communication. Due to potential false-positives in some older MS-RPC services, this anomaly should only be used to inspect traffic going to and from the Internet on WAN links. This anomaly should NOT be used to monitor traffic between internal servers/clients on a LAN or inter-office WAN.

Short Name
MS-RPC:EVASION:DCE-LARGE-FRAG-2
Severity
Minor
Recommended
True
Recommended Action
None
Category
MS-RPC
Release Date
08/24/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3324
False Positive
Unknown

Found a potential security threat?