Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2483 |
| Message | NETBIOS SMB-DS InitiateSystemShutdown little endian attempt |
| Summary | This event is generated when an attempt is made to shutdown a service via SMB. |
| Impact | Serious. |
| Detailed Information | This event indicates that an attempt was made to shutdown a service on a system using SMB across the network. |
| Affected Systems | Microsoft Windows systems. |
| Attack Scenarios | An attacker may try to deny services to other users. |
| Ease of Attack | Simple. |
| Corrective Action | Check the host for signs of system compromise. Turn off file and print sharing on the target host. Use a packet filtering firewall to disallow SMB access to the host from sources external to the protected network. |
| Additional References |
--
DID:607254
--
http://www.aanval.com/