Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2495 |
| Message | NETBIOS SMB DCERPC ORPCThis request flood attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft RPC service. |
| Impact | Denial of Service (DoS). Possible execution of arbitrary code leading to unauthorized remote access to the victim host. |
| Detailed Information | It may be possible for an attacker to cause a DoS condition in the Microsoft RPC service when multiple simultaneous requests are made to a vulnerable host. This can lead to an exhaustion of system resources causing the DoS. |
| Affected Systems | Windows systems running RPC services |
| Attack Scenarios | An attacker may attempt to bind to the RPC service many times in an attempt to cause the DoS condition to occur. |
| Ease of Attack | Difficult. |
| Corrective Action | Block access to RPC ports 135, 139 and 445 for both TCP and UDP protocols from external sources using a packet filtering firewall. Apply the appropriate vendor-supplied patches. |
| Additional References | |
| Rule References | bugtraq: 8811; cve: 2003-0813; nessus: 12206; url: www.microsoft.com/technet/security/bulletin/MS04-011.mspx |
--
DID:359873