GEN:SID 1:2479
Message NETBIOS SMB-DS winreg unicode bind attempt
Summary This event is generated when an attempt is made to bind to the winreg
service.
Impact Unknown.
Detailed Information This event is generated when an attempt is made to bind to the RPC
service for winreg.
Affected Systems Windows systems
Attack Scenarios An attacker may attempt to bind to the service to manipulate host
settings.
Ease of Attack Simple.
Corrective Action Block access to RPC ports 135, 139 and 445 for both TCP and UDP
protocols from external sources using a packet filtering firewall.
Additional References Microsoft Technet
http://support.microsoft.com/support/kb/articles/q153/1/83.asp
CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0562
Winreg
http://www.rutherfurd.net/python/winreg/