Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1067 |
| Message | WEB-MISC net attempt |
| Summary | This event is generated when the NET command is used for message sending, remote null session connections etc. |
| Impact | Information gathering. |
| Detailed Information | An attacker tried to access the "net" command on a host. The Windows "net" command is usually not accessible through a webserver, check for possible directory traversal attacks. Net cannot be used to gain full control of a host, but can establish null sessions on weakly protected Windows hosts for example or to gain information on the network the host is connected to. |
| Affected Systems | |
| Attack Scenarios | A web request for the command "net". |
| Ease of Attack | Simple. |
| Corrective Action | Protect "net.exe" from remote usage. Remove the file completly if it is not needed. |
| Additional References |
--
DID:781484
--
http://www.aanval.com/