SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER Active Directory LDAP addRequest crafted dnsRecord information leak attempt
This rule looks for evidence of a crafted DNS record.
What To Look For
This rule fires on LDAP requests to add a crafted DNS record, which may be used to exploit an information disclosure vulnerability in Active Directory.
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
Technique: Data from Local System
For reference, see the MITRE ATT&CK vulnerability types here:
Information Leakage happens when an attacker manipulates a system into revealing sensitive information, either through malformed input or by taking advantage of another feature of the system.
CVE Additional Information