| GEN:SID | 1:2951 |
| Message | NETBIOS SMB-DS too many stacked requests |
| Summary | This event is generated when multiple stacked SMB requests are made.
|
| Impact | Possible IDS evasion.
|
| Detailed Information | This event is generated when multiple stacked SMB requests are detected. This behavior does not occur on a regular basis in normal network traffic. This event may indicate an attempt to evade an IDS.
|
| Affected Systems | All systems using SMB.
|
| Attack Scenarios | An attacker might create multiple stacked SMB requests in an attempt to bypass an IDS.
|
| Ease of Attack | Simple.
|
| Corrective Action | Apply the appropriate vendor supplied patches
Disallow the use of SMB.
|
| Additional References | |