WithSecureLabs / doublepulsar-detection-script

A python2 script for sweeping a network to find windows systems compromised with the DOUBLEPULSAR implant.


Unknown Status from Windows Server 2016

hungerz opened this issue · comments

```
[*] [1.2.3.4] Sending negotiation request
[*] [1.2.3.4] Sending client data
[*] [1.2.3.4] Sending ping packet
[-] [1.2.3.4] Status Unknown - Response received but length was 0 not 288
```

The likelihood is this system is not infected. In our test environment, uninfected machines forcibly terminated the connection and infected machines returned a 288 byte response, both with SSL and non-SSL variants.

Others have reported many systems returning 0-byte and 9-byte responses that were not believed to be infected. We have not seen this in our test environment to confirm, so we left it officially as "status unknown", with only a 288-byte response being considered infected.
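The classification rule described in the reply above (288 bytes means implanted, a forcibly terminated connection means likely clean, anything else is left as unknown), written out as an added Python 3 example that is not part of the repository's script. It assumes the caller has already performed the SMB negotiation and ping exchange and passes in a callable that returns the raw reply bytes or raises the socket error; the sample outcomes at the bottom are constructed, not captured traffic.

```python
import socket

EXPECTED_INFECTED_LEN = 288  # reply length the maintainers observed from implanted hosts


def classify_ping_response(read_response):
    """Map the outcome of a DOUBLEPULSAR ping probe to a status.

    read_response: zero-argument callable that returns the reply bytes
    or raises a socket error. Returns (status, detail) with status one of
    'infected', 'likely_clean', 'unknown'.
    """
    try:
        data = read_response()
    except ConnectionResetError:
        # TCP RST from the peer: the "forcibly terminated" behaviour
        # uninfected hosts showed in the maintainers' test environment.
        return ("likely_clean", "connection forcibly terminated by peer")
    except socket.timeout:
        return ("unknown", "no response before timeout")
    if len(data) == EXPECTED_INFECTED_LEN:
        return ("infected", "288-byte ping response")
    # A 0-byte read is a graceful close (EOF), not an RST; 9-byte and other
    # short replies are unexplained. Neither is confirmed, so stay "unknown".
    return ("unknown", "response received but length was %d not 288" % len(data))


def _fake(data=None, exc=None):
    # Constructed stand-in for the real probe: returns data or raises exc.
    def responder():
        if exc is not None:
            raise exc
        return data
    return responder


SAMPLE_OUTCOMES = {  # constructed sample outcomes, one per case in the reply
    "implant_reply": _fake(data=b"\x00" * 288),
    "rst_from_clean_host": _fake(exc=ConnectionResetError()),
    "eof_zero_bytes": _fake(data=b""),
    "nine_bytes": _fake(data=b"\x00" * 9),
    "silent": _fake(exc=socket.timeout()),
}


def classify_samples():
    return {name: classify_ping_response(fn)[0] for name, fn in SAMPLE_OUTCOMES.items()}


if __name__ == "__main__":
    for name, status in classify_samples().items():
        print("%-20s %s" % (name, status))
```

Distinguishing a zero-byte read (graceful FIN) from a reset is what separates the "status unknown" case in this issue from the clean result the maintainers saw.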

Thank you for your clarification.