Rule

--
Sid
133-1

--
Summary:
This event is generated when the dcerpc2 preprocessor detects anomalous network traffic.

--
Impact:
Unknown. This is an indication of anomalous behaviour between networked assets.

--
Detailed Information:
This event is generated when the dcerpc2 preprocessor detects anomalous network traffic.

If the memory cap is reached and the preprocessor is configured to alert.

This event can be controlled using the ((dce2)) configuration options.

--
Affected Systems:
All systems using NetBIOS or SMB sharing

--
Attack Scenarios:
NA

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:


--
Contributors:
Sourcefire Vulnerability Research Team


--
Additional References:


--
