GEN:SID | 1:2496 |
Message | NETBIOS SMB-DS DCEPRC ORPCThis request flood attempt |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the Microsoft RPC service.
|
Impact | Denial of Service (DoS). Possible execution of arbitrary code leading to unauthorized remote access to the victim host.
|
Detailed Information | It may be possible for an attacker to cause a DoS condition in the Microsoft RPC service when multiple simultaneous requests are made to a vulnerable host. This can lead to an exhaustion of system resources causing the DoS.
|
Affected Systems | Windows systems running RPC services
|
Attack Scenarios | An attacker may attempt to bind to the RPC service many times in an attempt to cause the DoS condition to occur.
|
Ease of Attack | Difficult.
|
Corrective Action | Block access to RPC ports 135, 139 and 445 for both TCP and UDP protocols from external sources using a packet filtering firewall.
Apply the appropriate vendor supplied patches
|
Additional References | |
Rule References | bugtraq: 8811
cve: 2003-0813
nessus: 12206
url: www.microsoft.com/technet/security/bulletin/MS04-011.mspx
|