Signature Detail

RUSERS Host Overflow

This protocol anomaly is an RUSERS packet with a host name that is too long. The RUSERS protocol specifies 256 as the maximum host name length for RUSERS 1 and 2 versions, and 257 for RUSERS 3 version.

Extended Description

Any rusers datagram that exceeds 257 octets in length constitutes a protocol anomaly. This could indicate a network configuration error or that an attacker is attempting to inject malformed RPC datagrams into the network.

References

• URL: http://publib.boulder.ibm.com/infocenter/pseries/index.jsp?topic=/com.ibm.aix.doc/cmds/aixcmds4/rusers.htm
• URL: http://linuxcommand.org/man_pages/rusers1.html