GEN:SID 1:529
Message NETBIOS DOS RFPoison
Summary This event is generated when an attempt is made to issue a Denial of
Service (DoS) attack against a host using the RFPoison tool.
Impact Serious. Denial of Service.
Detailed Information The Microsoft Local Security Authority (LSA) service does not handle
certain malformed requests correctly. This service allows for the
manipulation of user privileges on the host. A specially crafted
malformed request sent to the LSA service will cause the system to
become unresponsive.
Affected Systems Microsoft Windows NT Workstation
    Microsoft Windows NT Server
    Microsoft Windows NT Terminal Server
    
Attack Scenarios An attacker can use the RFPoison tool against a host to generate the
request necessary to cause the DoS.
Ease of Attack Simple.
Corrective Action Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.
Additional References RFP:
http://www.wiretrip.net/rfp/txt/rfp9906.txt

Microsoft:
http://support.microsoft.com/support/kb/articles/Q231/4/57.asp
Rule References arachnids: 454