| GEN:SID | 1:2349 |
| Message | NETBIOS SMB-DS DCERPC enumerate printers request attempt |
| Summary | This event is generated when an attempt is made to enumerate the printer service on a system using DCE RPC.
|
| Impact | Intelligence gathering.
|
| Detailed Information | This rule checks for an attempt to enumerate a print spool service using DCE RPC. This may be an attempt to check for printer and printer services available on a host.
|
| Affected Systems | All Microsoft DCE RPC enabled systems |
| Attack Scenarios | An attacker may identify the print service being used and exploit that information in further attacks against the system.
|
| Ease of Attack | Simple
|
| Corrective Action | |
| Additional References | |