Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:529 |
Message | NETBIOS DOS RFPoison |
Summary | This event is generated when an attempt is made to issue a Denial of Service (DoS) attack against a host using the RFPoison tool. |
Impact | Serious. Denial of Service. |
Detailed Information | The Microsoft Local Security Authority (LSA) service does not handle certain malformed requests correctly. This service allows for the manipulation of user privileges on the host. A specially crafted malformed request sent to the LSA service will cause the system to become unresponsive. |
Affected Systems | Microsoft Windows NT Workstation Microsoft Windows NT Server Microsoft Windows NT Terminal Server |
Attack Scenarios | An attacker can use the RFPoison tool against a host to generate the request necessary to cause the DoS. |
Ease of Attack | Simple. |
Corrective Action | Apply the appropriate vendor supplied patches. Upgrade to the latest non-affected version of the software. |
Additional References | RFP: http://www.wiretrip.net/rfp/txt/rfp9906.txt Microsoft: http://support.microsoft.com/support/kb/articles/Q231/4/57.asp |
Rule References | arachnids: 454 |
--
DID:708153
--
http://www.aanval.com/