[Snort-sigs] False positives on rule SID 2514

Iván Laso xivan31 at ...12...
Thu Oct 6 05:04:01 EDT 2005


Rule: NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit 
attempt

--
Sid: 2514

--
Summary:

--
Impact:

--
Detailed Information:

--
Affected Systems:

--
Attack Scenarios:

--
Ease of Attack:

--
False Positives: Loginng on Windows 2003, open Active Directory Users and 
Computers, right click any computer account, click manage, expand event 
viewer and this alert is triggered.

--
False Negatives:

--
Corrective Action:

--
Contributors:

--
Additional References:






More information about the Snort-sigs mailing list