Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1067 |
Message | WEB-MISC net attempt |
Summary | This event is generated when the NET command is used for message sending, remote null session connections etc. |
Impact | Information gathering. |
Detailed Information | An attacker tried to access the "net" command on a host. The Windows "net" command is usually not accessible through a webserver, check for possible directory traversal attacks. Net cannot be used to gain full control of a host, but can establish null sessions on weakly protected Windows hosts for example or to gain information on the network the host is connected to. |
Affected Systems | |
Attack Scenarios | A web request for the command "net". |
Ease of Attack | Simple. |
Corrective Action | Protect "net.exe" from remote usage. Remove the file completly if it is not needed. |
Additional References |
--
DID:781484
--
http://www.aanval.com/