SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt
This rule looks for evidence of a crafted DNS record.
This rule fires on LDAP requests to add a crafted DNS record, which may be used to exploit an information disclosure vulnerability in Active Directory.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Information Leak
Information leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE-2020-0856
Tactic: Collection
Technique: Data from Local System
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org