[Snort-sigs] False positives on 2050.3 (MS-SQL version overflow attempt)

nnposter at ...592... nnposter at ...592...
Fri Jun 4 15:53:04 EDT 2004


Rule:
MS-SQL version overflow attempt

--
Sid:
2050

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives:

This rule can be triggered by UDP responses to requests originating from
ephemeral port 1434. Example: a DNS response with transaction ID between
0x0400 and 0x04FF.

--
False Negatives:

--
Corrective Action:

--
Contributors:

-- 
Additional References:




More information about the Snort-sigs mailing list