Signature Detail

RUSERS Username Overflow

This protocol anomaly is an RUSERS packet with a user name that is too long. The RUSERS protocol specifies 256 as the maximum user name length for RUSERS 1 and 2 versions, and 32 for RUSERS 3 version.

Extended Description

Any user name field in an rusers datagram that exceeds 32 octets in length constitutes a protocol anomaly. This could indicate a network configuration error or that an attacker is attempting to inject malformed RPC datagrams into the network.

References

• URL: http://publib.boulder.ibm.com/infocenter/pseries/index.jsp?topic=/com.ibm.aix.doc/cmds/aixcmds4/rusers.htm
• URL: http://linuxcommand.org/man_pages/rusers1.html