PDA

View Full Version : Signature troubleshooting: MS-SQL Server Protocol - General Settings



gregsmithitsecurity
2013-10-15, 16:23
I'm receiving the following event from the signature "MS-SQL Server Protocol - General Settings". Within this signature the following options are set (Defaults). Can anyone provide some guidance for further review? I know the first option (Blank Password) is not the culprit. Is this signature enabled on anyone elses IPS and do you see it triggering often and providing value?


Block login attempt with blank password
Block Extended Stored Procedures command execution
block Stored Procedures immediate job execution





Number: 1
Date: 15Oct2013
Time: 14:47:05
Origin: x.x.x.x
Type: Log
Action: Detect
Service: MS-SQL-Server (1433)
Source: 1.1.1.1
Destination: 2.2.2.2
Protocol: tcp
Rule: 139
Rule UID: {B50A8F28-816B-4929-A398-70B5ED1D021B}
Information: Total logs: 2
aba_customer: Internet
Attack: MS-SQL Server Protocol Enforcement Violation
Attack Information: Login Packet Too Long Detected on Connection
Product: IPS Software Blade
IPS Profile: Global_IPS_Detect_US
Protection Name: MS-SQL Server Protocol - General Settings
Severity: High
Confidence Level: Medium-High
Follow Up: Not Followed
Performance Impact: Low
Industry Reference: CAN-2000-1209, CVE-2002-1123
Suppressed Logs: 1
Product Family: Network
Protection Type: Signature
Policy Info: Policy Name: US_Internet
Created at: Mon Oct 14 11:29:22 2013
Installed from: Internet_Primary