| GEN:SID | 1:2176 |
| Message | NETBIOS SMB startup folder access |
| Summary | This event is generated when an attempt is made to access a system folder via SMB.
|
| Impact | Serious. This folder contains important operating system information.
|
| Detailed Information | This event indicates that an attempt was made to access a folder containing important operating system files using SMB across the network.
|
| Affected Systems | Microsoft Windows systems.
|
| Attack Scenarios | If this folder is accessible via SMB the attacker can replace or view important operating system files.
|
| Ease of Attack | Simple.
|
| Corrective Action | Check the host for signs of system compromise.
Turn off file and print sharing on the target host.
Use a packet filtering firewall to disallow SMB access to the host from sources external to the protected network.
|
| Additional References | |