GEN:SID | 1:612 |
Message | RPC rusers query UDP |
Summary | This event is generated when a request is made via Remote Procedure Call (RPC) to list the logged in users.
|
Impact | Reconnaissance. A response to this request provides valid user names that can connect to the host.
|
Detailed Information | The rusers RPC query is used to discover the users currently logged on to the host. A response to this request provides valid user names that can connect to the host. This information can be used to attempt a brute force guessing of associated passwords.
|
Affected Systems | All systems running rusers.
|
Attack Scenarios | An attacker may attempt to list all logged in users to gather information for a future brute force password attack.
|
Ease of Attack | Simple.
|
Corrective Action | Limit remote access to RPC services.
Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.
Disable unneeded RPC services.
|
Additional References | www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0626
|
Rule References | cve: 1999-0626
|