GEN:SID | 1:2980 |
Message | NETBIOS SMB ADMIN$ andx share access |
Summary | This event is generated when an attempt is made to access an administrative share on a Windows machine.
|
Impact | Serious. Possible administrator access on the victim machine.
|
Detailed Information | This rule generates an event when the hidden Netbios share Admin$, which is the Winnt directory, is accessed via SMB.
This is a poor security practice or an indication that a machine is being accessed remotely.
|
Affected Systems | Windows 9x Windows 2000 Windows XP
|
Attack Scenarios | |
Ease of Attack | Simple
|
Corrective Action | Use a packet filtering firewall to disallow Netbios access from the unprotected network.
|
Additional References | |