Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:1917 |
Message | SCAN UPnP service discover attempt |
Summary | This event is generated when a scan is detected. |
Impact | Information gathering. |
Detailed Information | This event indicates that an attempt has been made to scan a host. This may be the prelude to an attack. Scanners are used to ascertain which ports a host may be listening on, whether or not the ports are filtered by a firewall and if the host is vulnerable to a particular exploit. |
Affected Systems | Any host. |
Attack Scenarios | An attacker may determine if UPnP is enabled on a host and then attempt to exploit a known vulnerability in the service. |
Ease of Attack | Simple. |
Corrective Action | Determine whether or not the scan was legitimate then look for other events concerning the attacking IP address. Check the host for signs of compromise. |
Additional References |
--
DID:537014
--
http://www.aanval.com/