| GEN:SID | 1:2924 |
| Message | NETBIOS SMB-DS repeated logon failure |
| Summary | This event is generated when repeated failed attempts are made to access an SMB share. |
| Impact | Unknown. Possible information disclosure and loss of data.
|
| Detailed Information | This event indicates that multiple failed attempts have been made to access an SMB network share. This may indicate a determined effort by an unauthorized user to access information and data on a network share.
|
| Affected Systems | All systems sharing resources using SMB
|
| Attack Scenarios | An attacker can make repeated attempts to access network shares in an attempt to gain information.
|
| Ease of Attack | Simple. No exploit software required.
|
| Corrective Action | Apply strict access control to all networked resources.
|
| Additional References | |