Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2987 |
| Message | NETBIOS SMB-DS winreg unicode andx create tree attempt |
| Summary | This event is generated when an attempt is made to create an AndX entry via SMB. |
| Impact | Unknown. |
| Detailed Information | This event is generated when an attempt is made to create an AndX entry via SMB. |
| Affected Systems | Windows systems |
| Attack Scenarios | An attacker may attempt to bind to the service to manipulate host settings then create an entry in the winreg service. |
| Ease of Attack | Simple. |
| Corrective Action | Block access to RPC ports 135, 139 and 445 for both TCP and UDP protocols from external sources using a packet filtering firewall. |
| Additional References | Microsoft Technet http://support.microsoft.com/support/kb/articles/q153/1/83.asp CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0562 Winreg http://www.rutherfurd.net/python/winreg/ |
--
DID:895061
--
http://www.aanval.com/