Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2951 |
| Message | NETBIOS SMB-DS too many stacked requests |
| Summary | This event is generated when multiple stacked SMB requests are made. |
| Impact | Possible IDS evasion. |
| Detailed Information | This event is generated when multiple stacked SMB requests are detected. This behavior does not occur on a regular basis in normal network traffic. This event may indicate an attempt to evade an IDS. |
| Affected Systems | All systems using SMB. |
| Attack Scenarios | An attacker might create multiple stacked SMB requests in an attempt to bypass an IDS. |
| Ease of Attack | Simple. |
| Corrective Action | Apply the appropriate vendor supplied patches Disallow the use of SMB. |
| Additional References |
--
DID:562197
--
http://www.aanval.com/