Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:530 |
Message | NETBIOS NT NULL session |
Summary | This event is generated when an attacker sends a blank username and blank password in an attempt to connect to the IPC$ (Interprocess Communication) pipe. |
Impact | Information gathering. This attack can permit the disclosure of sensitive information about the target host. |
Detailed Information | Null sessions allow browsing of Windows hosts by the "Network Neighborhood" and other functions. A Null session permits access to a host using a blank user name and password. At attacker may attempt to perform a Null session connection, disclosing sensitive information about the target host such as available shares and user names. |
Affected Systems | Microsoft Windows hosts |
Attack Scenarios | An attacker can send a blank username and blank password to try to connect to the IPC$ hidden share on the target computer. |
Ease of Attack | Simple. |
Corrective Action | On Windows NT, 2000, XP set the registry key /System/CurrentControlSet/Control/LSA/RestrictAnonymous value to 1. |
Additional References | Arachnids http://www.whitehats.com/info/IDS204 CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0519 |
Rule References | arachnids: 204 bugtraq: 1163 cve: 2000-0347 |
--
DID:186269
--
http://www.aanval.com/