Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2494 |
Message | NETBIOS DCERPC ORPCThis request flood attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft RPC service. |
Impact | Denial of Service (DoS). Possible execution of arbitrary code leading to unauthorized remote access to the victim host. |
Detailed Information | It may be possible for an attacker to cause a DoS condition in the Microsoft RPC service when multiple simultaneous requests are made to a vulnerable host. This can lead to an exhaustion of system resources causing the DoS. |
Affected Systems | Windows systems running RPC services |
Attack Scenarios | An attacker may attempt to bind to the RPC service many times in an attempt to cause the DoS condition to occur. |
Ease of Attack | Difficult. |
Corrective Action | Block access to RPC ports 135, 139 and 445 for both TCP and UDP protocols from external sources using a packet filtering firewall. Apply the appropriate vendor-supplied patches. |
Additional References | |
Rule References | bugtraq: 8811; cve: 2003-0813; nessus: 12206; url: www.microsoft.com/technet/security/bulletin/MS04-011.mspx |
--
DID:350729