Think you have a false positive on this rule?

Sid 1-15912

Summary:

    OS-WINDOWS TCP window closed before receiving data

Impact:

    Confidentiality Impact: NONE Integrity Impact: NONE Availability Impact: COMPLETE

Detailed Information:

    Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."

Affected Systems:

    microsoft windows server 2008 x32
    microsoft windows xp sp2 professional
    microsoft windows vista sp1 x64
    microsoft windows vista sp2 x64
    microsoft windows vista sp1
    microsoft windows server 2008 sp2 x32
    microsoft windows vista sp2
    microsoft windows server 2008 sp2 x64
    microsoft windows server 2008 itanium
    microsoft windows server 2003 sp2 itanium
    microsoft windows server 2008 x64
    microsoft windows server 2008 sp2 itanium
    microsoft windows vista
    microsoft windows server 2003 sp2
    microsoft windows server 2003 sp2 x64
    microsoft windows xp sp2
    microsoft windows vista x64
    microsoft windows xp sp3
    microsoft windows 2000 sp4

Attack Scenarios:

    No data available

False Positives:

    None known

False Negatives:

    None known

Corrective Action:

    Upgrade to the latest non-affected version
    Apply vendor-provided patches

Contributors:

    No data available

Additional References: