ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit)

Description:

• DB2 DoS. See the following for details:
• https://www.vulnerabilitycenter.com/#!vul=20615
• http://www.securityfocus.com/bid/33258/exploit

False Positive:

• YES
• Rule is reasonably well crafted. It should not commonly be a false positive.
• In this case, the ephemeral port for a user is 50000 which happens to match the rule.
• There is also a significant amount of RDP traffic which happens to trigger the byte matching.

Action:

• None