Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2174 |
Message | NETBIOS SMB winreg create tree attempt |
Summary | This event is generated when an attempt is made to access a system file via SMB. |
Impact | Serious. This file contains important operating system information. |
Detailed Information | This event indicates that an attempt was made to access a file containing important operating system information using SMB across the network. |
Affected Systems | Microsoft Windows systems. |
Attack Scenarios | If this file is accessible via SMB the attacker can manipulate the operating system registry settings. |
Ease of Attack | Simple. |
Corrective Action | Check the host for signs of system compromise. Turn off file and print sharing on the target host. Use a packet filtering firewall to disallow SMB access to the host from sources external to the protected network. |
Additional References | Microsoft Technet http://support.microsoft.com/support/kb/articles/q153/1/83.asp CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0562 Winreg http://www.rutherfurd.net/python/winreg/ |
--
DID:785952
--
http://www.aanval.com/