GEN:SID 1:2191
Message NETBIOS SMB DCERPC invalid bind attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Microsoft RPC DCOM.
Impact Denial of Service (DoS).
Detailed Information A vulnerability exists in Microsoft RPC DCOM such that execution of
arbitrary code or a Denial of Service condition can be issued against a
host by sending malformed data via RPC.

The Distributed Component Object Model (DCOM) handles DCOM requests sent
by clients to a server using RPC. A malformed request to an RPC port
will result in a buffer overflow condition that will present the
attacker with the opportunity to execute arbitrary code with the
privileges of the local system account.
Affected Systems Windows NT 4.0
    Windows NT 4.0 Terminal Server Edition
    Windows 2000
    Windows XP
    Windows Server 2003
Attack Scenarios An attacker may make a request for a file with an overly long filename
via a network share.
Ease of Attack Simple. Expoit code exists.
Corrective Action Apply the appropriate vendor supplied patches.

Block access to RPC ports 135, 139 and 445 for both TCP and UDP
protocols from external sources using a packet filtering firewall.
Additional References Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0352