virus logo Intrusion Prevention

WSDirectory.UDP.Amplification.Detection

description-logoDescription

This indicates a UDP Amplification attempt through the WS-Directory protocol.
The vulnerability is due to an error in the vulnerable application when handling a series of maliciously crafted requests. An attacker can exploit this to cause a denial of service condition on the affected machine via maliciously crafted requests. The signature detects for 50 suspicious requests within 1 second.
Setting this signature to "Quarantine" is not definitive to who the attacker is as the both the client and the server are victims for this issue.

affected-products-logoAffected Products

Systems using the WS-Directory protocol

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems

recomended-action-logoRecommended Actions

Monitor the traffic from that network for any suspicious activity.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2019-10-22 14.708 Default_action:pass:drop
2019-10-17 14.706 Sig Added
2019-10-02 14.698
ID 48409
Created Oct 10, 2019
Updated Apr 17, 2023
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Default Action drop
Active
Affected OS Other
Affected App Other