Unknown Status from Windows Server 2016
hungerz opened this issue · comments
hungerz commented
[*] [1.2.3.4] Sending negotiation request
[*] [1.2.3.4] Sending client data
[*] [1.2.3.4] Sending ping packet
[-] [1.2.3.4] Status Unknown - Response received but length was 0 not 288
Deleted user commented
The likelihood is this system is not infected. In our test environment, uninfected machines forcibly terminated the connection and infected machines returned a 288 byte response, both with SSL and non-SSL variants.
Others have reported many systems returning 0-byte and 9-byte responses that were not believed to be infected. We have not seen this in our test environment to confirm so we left it officially as "status unknown" with only a 288-byte response being considered infected
hungerz commented
Thank you for your clarification.