OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself. (such as?)
OS-WINDOWS Microsoft Windows NetrServerReqChallenge RPC transport sign and seal disabling attempt
This rule looks for specially crafted NetrServerAuthenticate3 requests sent to Windows MS-NRPC servers that are intended to gain unauthenticated access to a Domain Controller.
This rule fires on attempts to exploit an authentication bypass vulnerability in the Microsoft Netlogon Remote Protocol.
Attacks/Scans seen in the wild
No known false positives
Cisco Talos Intelligence Group
No rule groups
Authentication Bypass
An Authentication Bypass occurs when there is a way to avoid providing user credentials to a system before performing restricted operations on said system.
CVE-2020-1472 |
Loading description
|
CVE-2025-33070 |
Loading description
|