
ETPRO DOS IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit)

 

             IP Address                        Port                   Hostname
Source       208.82.213.132 (United States)    ms-term-serv (3389)
Destination  (local)                           50000

 

 

Description:

 

False Positive:

  • YES
  • Rule is reasonably well crafted. It should not commonly be a false positive.
  • In this case, the ephemeral port for a user is 50000, which happens to match the rule.
  • There is also a significant amount of RDP traffic, which happens to trigger the byte matching.
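
The reasoning in the bullets above, written as a triage check. This is an added example, not part of the original article or of the ETPRO ruleset; the field names follow Suricata's EVE JSON alert format (an assumption about the sensor), and the service map, DB2 inventory, and local addresses are constructed.

```python
import json

RULE_PORT = 50000                  # destination port seen in the alert above
EPHEMERAL = range(49152, 65536)    # IANA dynamic/private port range
KNOWN_SERVICES = {22: "ssh", 443: "https", 3389: "ms-term-serv"}  # assumed map
DB2_LISTENERS = {"10.0.0.20"}      # hypothetical inventory of real DB2 servers

# Constructed sample alerts; only the first mirrors the flow on this page.
SAMPLE_EVE = """
{"src_ip": "208.82.213.132", "src_port": 3389, "dest_ip": "10.0.0.55", "dest_port": 50000}
{"src_ip": "198.51.100.7", "src_port": 41022, "dest_ip": "10.0.0.20", "dest_port": 50000}
{"src_ip": "198.51.100.7", "src_port": 41022, "dest_ip": "10.0.0.55", "dest_port": 50000}
"""

def triage(alert):
    """Return (verdict, reason) for one alert raised by the port-50000 rule."""
    src_port, dst_port = alert["src_port"], alert["dest_port"]
    if dst_port != RULE_PORT:
        return "out_of_scope", "destination port is not the rule's port"
    # Traffic to a host that really runs DB2 always deserves a look.
    if alert["dest_ip"] in DB2_LISTENERS:
        return "investigate", "destination is an inventoried DB2 listener"
    # Source port is a well-known service and the destination port is in the
    # ephemeral range: this is a server reply to a client, not a DB2 request.
    service = KNOWN_SERVICES.get(src_port)
    if service and dst_port in EPHEMERAL:
        return ("likely_false_positive",
                f"return traffic from {service}/{src_port} to a client ephemeral port")
    return "investigate", "no benign explanation for traffic to the rule's port"

def triage_all(text):
    """Triage every non-empty JSON line in an EVE-style log excerpt."""
    return [triage(json.loads(line)) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for verdict, reason in triage_all(SAMPLE_EVE):
        print(f"{verdict}: {reason}")
```

A `likely_false_positive` verdict is a prompt to confirm the flow direction against session data before closing the alert.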

 

Action:

  • None
