GEN:SID | 1:2999 |
Message | NETBIOS SMB-DS InitiateSystemShutdown unicode little endian andx attempt |
Summary | This event is generated when an attempt is made to shutdown a Windows system via SMB.
|
Impact | Serious.
|
Detailed Information | This event indicates that an attempt was made to shutdown a Windows system via SMB across the network.
It may be possible for an attacker to manipulate a Windows system from a remote location. Shutting down a system may lead to a Denial of Service for the target host.
|
Affected Systems | Microsoft Windows systems.
|
Attack Scenarios | An attacker may be able to manipulate a target system using SMB. The attacker may gain complete control over the affected system.
|
Ease of Attack | Simple.
|
Corrective Action | Check the host for signs of system compromise.
Turn off file and print sharing on the target host.
Use a packet filtering firewall to disallow SMB access to the host from sources external to the protected network.
Disallow remote registry manipulation.
|
Additional References | |