Signature Detail

Short Name	MS-RPC:ERR:LEN-CONFLICT
Severity	High
Recommended	No
Category	MS-RPC
Release Date	2004/02/24
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

MS-RPC: Length Conflict

This protocol anomaly is a Microsoft Remote Procedure Call (MSRPC) connectionless message with a fragment length that conflicts with the common header length and the whole message length. Detecting this anomaly can indicate a malicious user might be attacking your system.

Extended Description

An MSRPC connectionless message length conflicting with the TCP packet header length, or with the whole packet length, should be detected.

References

URL: http://windowssdk.msdn.microsoft.com/en-us/library/ms719418.aspx
URL: http://www.faqs.org/rfcs/rfc1050.html

Signature Detail

Short Name

Severity

Recommended

Category

Release Date

Update Number

Supported Platforms

MS-RPC: Length Conflict

Extended Description

References