Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2924 |
Message | NETBIOS SMB-DS repeated logon failure |
Summary | This event is generated when repeated failed attempts are made to access an SMB share. |
Impact | Unknown. Possible information disclosure and loss of data. |
Detailed Information | This event indicates that multiple failed attempts have been made to access an SMB network share. This may indicate a determined effort by an unauthorized user to access information and data on a network share. |
Affected Systems | All systems sharing resources using SMB |
Attack Scenarios | An attacker can make repeated attempts to access network shares in an attempt to gain information. |
Ease of Attack | Simple. No exploit software required. |
Corrective Action | Apply strict access control to all networked resources. |
Additional References |
--
DID:629938
--
http://www.aanval.com/