Microsoft RPC evasion
Because of its complexity, the Microsoft Remote Procedure Call protocol suite is subject to a number of known evasion techniques, including:
• SMB-level fragmentation
• DCERPC-level fragmentation
• DCERPC multi-part fragmentation
• DCERPC UDP fragmentation
• Multiple DCERPC fragments in one packet
The FortiGate unit reassembles the fragments into their original form before inspection.
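Why reassembly has to come before inspection, shown as an added Python example (not FortiGate code and not taken from this page): a reassembler for connection-oriented DCERPC request PDUs that also walks several fragments carried in one packet. It assumes little-endian data representation and covers neither SMB-level nor UDP (connectionless) fragmentation; `Reassembler`, `iter_pdus` and `make_frag` are hypothetical names, and `make_frag` only builds constructed sample input.

```python
import struct

PFC_FIRST_FRAG, PFC_LAST_FRAG, PFC_OBJECT_UUID = 0x01, 0x02, 0x80
PTYPE_REQUEST = 0
HDR = struct.Struct("<BBBB4sHHI")  # common connection-oriented header (16 bytes)
REQ = struct.Struct("<IHH")        # request fields: alloc_hint, p_cont_id, opnum

def iter_pdus(buf):
    """Yield each PDU in buf; one packet may carry several fragments."""
    off = 0
    while off < len(buf):
        if off + HDR.size > len(buf):
            raise ValueError("truncated DCERPC header")
        ver, _, ptype, flags, _, frag_len, auth_len, call_id = HDR.unpack_from(buf, off)
        if ver != 5 or frag_len < HDR.size or off + frag_len > len(buf):
            raise ValueError("malformed DCERPC PDU")
        yield ptype, flags, auth_len, call_id, buf[off:off + frag_len]
        off += frag_len

class Reassembler:
    """Collects request stub data per call_id until the last fragment arrives."""
    def __init__(self):
        self.pending = {}

    def feed(self, buf):
        """Return [(call_id, opnum, stub)] for every request completed by buf."""
        done = []
        for ptype, flags, auth_len, call_id, pdu in iter_pdus(buf):
            if ptype != PTYPE_REQUEST:
                continue
            start = HDR.size + REQ.size + (16 if flags & PFC_OBJECT_UUID else 0)
            end = len(pdu) - (auth_len + 8 if auth_len else 0)  # drop auth trailer
            if end < start:
                raise ValueError("bad fragment lengths")
            opnum = REQ.unpack_from(pdu, HDR.size)[2]
            if flags & PFC_FIRST_FRAG:
                self.pending[call_id] = (opnum, bytearray())
            if call_id not in self.pending:
                continue  # middle fragment without a first fragment
            self.pending[call_id][1].extend(pdu[start:end])
            if flags & PFC_LAST_FRAG:
                op, stub = self.pending.pop(call_id)
                done.append((call_id, op, bytes(stub)))
        return done

def make_frag(call_id, flags, stub, opnum=0):
    """Build a constructed, unauthenticated request fragment for the demo."""
    frag_len = HDR.size + REQ.size + len(stub)
    head = HDR.pack(5, 0, PTYPE_REQUEST, flags, b"\x10\x00\x00\x00", frag_len, 0, call_id)
    return head + REQ.pack(len(stub), 0, opnum) + stub
```

A signature matcher should run on the stub returned by `feed()`, not on the individual packets. The pending buffers here are unbounded; an inspection engine would also cap their size and expire incomplete calls.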