Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2951 |
Message | NETBIOS SMB-DS too many stacked requests |
Summary | This event is generated when multiple stacked SMB requests are made. |
Impact | Possible IDS evasion. |
Detailed Information | This event is generated when multiple stacked SMB requests are detected. This behavior does not occur on a regular basis in normal network traffic. This event may indicate an attempt to evade an IDS. |
Affected Systems | All systems using SMB. |
Attack Scenarios | An attacker might create multiple stacked SMB requests in an attempt to bypass an IDS. |
Ease of Attack | Simple. |
Corrective Action | Apply the appropriate vendor supplied patches Disallow the use of SMB. |
Additional References |
--
DID:562197
--
http://www.aanval.com/