Signature Detail

Short Name	MS-RPC:ERR:INV-AUTH-PAD-LEN
Severity	High
Recommended	No
Category	MS-RPC
Release Date	2004/02/24
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

MS-RPC: Invalid Authentication Pad Length

This protocol anomaly is an Microsoft Remote Procedure Call (MSRPC) message with authentication padding length plus authentication section length that is larger than the entire MSRPC message payload length. Detecting this anomaly can indicate a malicious user might be attacking your system.

Extended Description

MSRPC messages whose authentication padding length plus authentication section length are longer than the length of the message are protocol anomalies and should be detected.

References

URL: http://windowssdk.msdn.microsoft.com/en-us/library/ms719418.aspx
URL: http://en.wikipedia.org/wiki/MSRPC

Signature Detail

Short Name

Severity

Recommended

Category

Release Date

Update Number

Supported Platforms

MS-RPC: Invalid Authentication Pad Length

Extended Description

References