GEN:SID | 1:2923 |
Message | NETBIOS SMB repeated logon failure |
Summary | This event is generated when repeated failed attempts are made to access an SMB share. |
Impact | Unknown. Possible information disclosure and loss of data.
|
Detailed Information | This event indicates that multiple failed attempts have been made to access an SMB network share. This may indicate a determined effort by an unauthorized user to access information and data on a network share.
|
Affected Systems | All systems sharing resources using SMB
|
Attack Scenarios | An attacker can make repeated attempts to access network shares in an attempt to gain information.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Apply strict access control to all networked resources.
|
Additional References | |