Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2348 |
| Message | NETBIOS SMB-DS DCERPC print spool bind attempt |
| Summary | This rule does not generate an event. I does activate sid 2349 however.s |
| Impact | Intelligence gathering. |
| Detailed Information | This rule checks for a bind to a print spool using DCE RPC. This may be an attempt to check for printer and printer services available on a host. Sid 2349 will generate an event when an attempt is made to enumerate the printer service on a host. |
| Affected Systems | All Microsoft DCE RPC enabled systems |
| Attack Scenarios | |
| Ease of Attack | Simple |
| Corrective Action | |
| Additional References |
--
DID:677502
--
http://www.aanval.com/