Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Hi
If you’ve heard about this vulnerability which has been located (and published before it was advised to MSRC – Microsoft Security Response Center) and want to see if there are machines on your network attempting to exploit it, here’s a Network Monitor capture filter to show you the source IP of the attacker or infected PC:
smb.command == 0x72 AND SMB.SMBHeader.Flags.FromServer == 0x0 AND SMB.SMBHeader.PIDHigh != 0x0
Get NetMon 3.3 from here.
And the VERY cool updated NetMon parsers from CodePlex.
The signature for the vulnerability has been published here.