Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1257 |
Message | DOS Winnuke attack |
Summary | This event is generated when an attempt is made to use WinNuke against a host. |
Impact | Serious. Possible Denial of Service (DoS); this can cause a system to crash or lose network connectivity. |
Detailed Information | An attacker can send a malformed data packet to any networked host over TCP and cause a DoS, loss of network connectivity, or a system crash. |
Affected Systems | Windows NT Workstation and Server 4.0; Windows NT Workstation and Server 3.5.x; Windows 3.1x; Windows 95 |
Attack Scenarios | The program is run against a system in an attempt to knock the system off the network. |
Ease of Attack | Simple. An attacker runs WinNuke and enters an IP address of a target system. |
Corrective Action | Since there is no known fix for several of the affected operating systems, SMB traffic should be blocked at the firewall and all TCP traffic on ports 139/135 should be dropped. |
Additional References | CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0153; Bugtraq: http://www.securityfocus.com/bid/2010 |
Rule References | bugtraq: 2010; cve: 1999-0153 |
--
DID:855083