EXPLOIT kerberos principal name overflow TCP

Is this anything I should worry about?

I had Excepted my laptop from IPS, but decided to submit it to the checks.  This is the only Alert I get.  Normally, there's nothing, then there will be a burst of about 15.  I only connect via VPN to our Astaro.  The server is our SBS2003 running Exchange, AD, DHCP, DNS, etc.  My laptop is Vista Pro SP1.
Message........: EXPLOIT kerberos principal name overflow TCP
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2579
Time...........: 2009:06:01-10:16:01
Packet dropped.: yes
Priority.......: 1 (high)
Classification.: Attempted Administrator Privilege Gain
IP protocol....: 6 (TCP)

Source IP address: 10.x.x.51
Source port: 18345
Destination IP address: 10.x.x.7 (server.company.local)
Destination port: 88 (kerberos)

Cheers - Bob


  • If the source and destination are known domain members, and you don't see any rootkits, etc. on the boxes involved, it's likely to be a false positive; I've seen these before in certain network configurations.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.
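
A triage aid for the alert format quoted in this thread, added here as an example and not part of the original posts or of Astaro's or Snort's tooling: it parses notifications in that field layout, groups them into bursts per source, destination and sid, and marks whether both endpoints appear in an inventory of domain members, the first condition the reply names. The inventory set, the sample addresses and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches "Name.....: value" and "Name: value"; blank lines between fields are ignored.
FIELD = re.compile(r"^[ \t]*(.+?)\.*:[ \t]*(.*?)[ \t]*$", re.M)
REQUIRED = ("Time", "Source IP address", "Destination IP address")

def parse_alerts(text):
    """Return one dict per notification; a "Message" line starts a new one."""
    alerts = []
    for key, value in FIELD.findall(text):
        if key == "Message":
            alerts.append({})
        if alerts:
            alerts[-1][key] = value
    return alerts

def triage(alerts, known_members):
    """Group by (source, destination, sid): burst size, time span, membership."""
    groups = defaultdict(list)
    for a in alerts:
        if any(not a.get(f) for f in REQUIRED):
            continue                      # truncated notification, skip it
        src = a["Source IP address"].split()[0]
        dst = a["Destination IP address"].split()[0]    # drop "(hostname)"
        sid = re.search(r"sid=(\d+)", a.get("Details", ""))
        when = datetime.strptime(a["Time"], "%Y:%m:%d-%H:%M:%S")
        groups[(src, dst, sid.group(1) if sid else "?")].append(when)
    return {
        key: {"count": len(t),
              "span_seconds": (max(t) - min(t)).total_seconds(),
              "both_known": key[0] in known_members and key[1] in known_members}
        for key, t in groups.items()
    }

# Constructed sample: three alerts from one host, one from another (made-up IPs).
TEMPLATE = """Message........: EXPLOIT kerberos principal name overflow TCP
Details........: http://www.snort.org/pub-bin/sigs.cgi?sid=2579
Time...........: 2009:06:01-10:16:{sec:02d}
Source IP address: {src}
Destination IP address: 10.0.0.7 (server.company.local)
"""
SAMPLE = "\n".join(TEMPLATE.format(sec=s, src=ip) for s, ip in
                   [(1, "10.0.0.51"), (2, "10.0.0.51"), (4, "10.0.0.51"), (9, "10.0.0.99")])
KNOWN_MEMBERS = {"10.0.0.51", "10.0.0.7"}   # assumed inventory of domain-joined hosts

if __name__ == "__main__":
    print(triage(parse_alerts(SAMPLE), KNOWN_MEMBERS))
```

A group with `both_known` false is the one to look at first; a true value only covers the membership half of the reply's condition, and the hosts still need to be checked.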