| GEN:SID | 1:1067 |
| Message | WEB-MISC net attempt |
| Summary | This event is generated when the NET command is used for message sending, remote null session connections etc.
|
| Impact | Information gathering.
|
| Detailed Information | An attacker tried to access the "net" command on a host.
The Windows "net" command is usually not accessible through a webserver, check for possible directory traversal attacks.
Net cannot be used to gain full control of a host, but can establish null sessions on weakly protected Windows hosts for example or to gain information on the network the host is connected to.
|
| Affected Systems | |
| Attack Scenarios | A web request for the command "net".
|
| Ease of Attack | Simple.
|
| Corrective Action | Protect "net.exe" from remote usage. Remove the file completly if it is not needed.
|
| Additional References | |