
SMB DOS sig

sangelo
Level 1

Greetings, has anyone come up with a custom sig that will catch the MS02-045 (Unchecked Buffer in Network Share Provider Can Lead to Denial of Service (Q326830)) attack yet?

I have not seen much out there yet.

thx much, sam


anthall
Level 1

Sorry for the delay in this custom signature. There were some issues with false positives that we wanted to eliminate before releasing.

The following signature will be part of the S31 signature update:

Tune Signature Parameters : CSIDS Signature Wizard

___________________________________________________________________________

Current Signature: Engine STRING.TCP SIGID 20000

SigName: SMB Enum Share DoS

___________________________________________________________________________

0 - Edit ALL Parameters

1 - AlarmInterval =

2 - AlarmThrottle = FireOnce

3 - ChokeThreshold =

4 - Direction = ToService

5 - FlipAddr =

6 - LimitSummary =

7 - MaxInspectLength =

8 - MinHits = 1

9 - MinMatchLength =

10 - MultipleHits =

11 * RegexString = ....\xff\x53\x4d\x42\x25[\x00-\xff]{32}\x00\x00\x00\x00[\x00-\xff]{22}[^\x00]*\x00[\x00\xd7\x68]\x00\x57

12 - ResetAfterIdle = 15

13 - ServicePorts = 139,445

14 - SigComment =

15 - SigName = SMB Enum Share DoS

16 - SigStringInfo = SMBdie

17 - StripTelnetOptions =

18 - ThrottleInterval = 15

19 - WantFrag =

d - Delete a value

u - UNDO and continue

x - SAVE and continue

___________________________________________________________________________

Selection>
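
The RegexString from the reply above, checked offline against constructed buffers. This is an added example, not part of the original post or of the sensor's own tooling. It assumes `.` matches any byte in the sensor's regex dialect; `signature_fires` and `build_sample` are hypothetical helper names, and the sample bytes are filler laid out after the pattern, not a valid SMB message.

```python
import re

# RegexString from the post, transcribed as a Python bytes pattern.
# Assumption: "." is meant to match any byte, so DOTALL is set.
SMB_ENUM_SHARE_DOS = re.compile(
    rb"....\xff\x53\x4d\x42\x25"   # 4 leading bytes, 0xFF 'SMB', byte 0x25
    rb"[\x00-\xff]{32}"            # 32 bytes of any value
    rb"\x00\x00\x00\x00"           # four zero bytes at a fixed offset
    rb"[\x00-\xff]{22}"            # 22 bytes of any value
    rb"[^\x00]*\x00"               # run of non-zero bytes ending in NUL
    rb"[\x00\xd7\x68]\x00\x57",    # one of 00/D7/68, then 00, then 0x57
    re.DOTALL,
)

SERVICE_PORTS = {139, 445}         # ServicePorts from the post


def signature_fires(dst_port, payload):
    """True when a to-service payload on a watched port matches the pattern."""
    if dst_port not in SERVICE_PORTS:
        return False
    # search(), not match(): the pattern may start anywhere in the stream.
    return SMB_ENUM_SHARE_DOS.search(payload) is not None


def build_sample(tail_selector=b"\x00", zero_block=b"\x00\x00\x00\x00"):
    """Constructed test buffer following the pattern byte for byte.
    Filler is 0x41 and the string is a placeholder."""
    return (
        b"\x00\x00\x00\x55"        # 4 leading bytes (constructed)
        + b"\xffSMB\x25"
        + b"\x41" * 32
        + zero_block
        + b"\x41" * 22
        + b"NAME\x00"              # constructed placeholder string
        + tail_selector + b"\x00\x57"
    )


if __name__ == "__main__":
    for sel in (b"\x00", b"\xd7", b"\x68", b"\x01"):
        print(sel.hex(), signature_fires(445, build_sample(sel)))
    # Non-zero byte inside the four-zero block: the pattern no longer matches.
    print(signature_fires(445, build_sample(zero_block=b"\x01\x00\x00\x00")))
```

Because the counts `{32}` and `{22}` are fixed, the four zero bytes and the trailing three-byte sequence are effectively tested at set offsets from the `\xffSMB` marker, which is what keeps the match narrow.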