Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
1137
Views
5
Helpful
0
Comments

DCE/RPC Preprocessor: SMB DIALECT

Mohammed al Baqari
Level 11
Level 11

‎07-07-2019 06:14 AM - edited ‎02-21-2020 10:03 PM

If you have DCE/RPC Preprocessor enabled, then you have seen lot of alerts in FMC against these signatures

 

Traffic

Preprocessor Rule GID:SID

SMB

133:2 through 133:26, and 133:48 through 133:57

Connection-Oriented DCE/RPC (TCP 135)

133:27 through 133:39

Detect Connectionless DCE/RPC (UDP 135)

133:40 through 133:43

 

But what is SMB DIALECT?

 

It is used to negotiate the SMB version to be used in communication between two systems. The version of SMB used between two computers will be the highest dialect supported by both. This means if a Windows 8 machine is talking to a Windows 8 or Windows Server 2012 machine, it will use SMB 3.0. If a Windows 10 machine is talking to Windows Server 2008 R2, then the highest common level is SMB 2.1.

 

05-win7vsw2k8r2default1.jpg

**** SMB 2.????

01-ntlm-dialects.jpg

Untitled picture.png

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents