Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Microsoft's Remote Procedure Call Vulnerability

Is the Microsoft's Remote Procedure Call (RPC) reference in the current signature database?

If not, is there a custom string that can be put in place.

6 REPLIES
New Member

Re: Microsoft's Remote Procedure Call Vulnerability

No not yet. ISS RealSecure Network and Proventia provided protection about a week ago.

New Member

Re: Microsoft's Remote Procedure Call Vulnerability

A number of exploits for this vulnerability are now available in the wild. Has Cisco released any custom signatures for detection yet?

Cisco Employee

Re: Microsoft's Remote Procedure Call Vulnerability

A signature for this vulnerability has been released in S49. You can retrieve it from:

http://www.cisco.com/cgi-bin/tablebuild.pl/ids3-app

New Member

Re: Microsoft's Remote Procedure Call Vulnerability

Yeah and I get false positives up the wazoo.

I'm sorry but unless you release the details of how your signature works, I turn them off and correlate home-made, my proventias and snort.

Visibility in to your signatures provides better tuning than relying on your blackbox approach.

Cisco Employee

Re: Microsoft's Remote Procedure Call Vulnerability

Which signature is giving false positives? and on which port?

SC

Cisco Employee

Re: Microsoft's Remote Procedure Call Vulnerability

If you are runnning 4.X then you have full access to the details of the signature. All you have to do is open the signature up in IDM as if you were going to edit it and the complete signature details are there for your perusal.

If you are having an issue with a signature that is false positiving, then please bring it to our attention so that we can get to the root cause of the problem. We are constantly trying to improve the fidelity of our signatures, however or visibility is only as good as the feedback that we are receiving.

Please contact me directly at klwiley@cisco.com and I will try to help you with your problems.

111
Views
4
Helpful
6
Replies
CreatePlease to create content