Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:2349 |
Message | NETBIOS SMB-DS DCERPC enumerate printers request attempt |
Summary | This event is generated when an attempt is made to enumerate the printer service on a system using DCE RPC. |
Impact | Intelligence gathering. |
Detailed Information | This rule checks for an attempt to enumerate a print spool service using DCE RPC. This may be an attempt to check for printer and printer services available on a host. |
Affected Systems | All Microsoft DCE RPC enabled systems |
Attack Scenarios | An attacker may identify the print service being used and exploit that information in further attacks against the system. |
Ease of Attack | Simple |
Corrective Action | |
Additional References |
--
DID:510443
--
http://www.aanval.com/