GEN:SID 1:1067
Message WEB-MISC net attempt
Summary This event is generated when the NET command is used for message sending, remote null session connections etc.
Impact Information gathering.
Detailed Information An attacker tried to access the "net" command on a host.

The Windows "net" command is usually not accessible through a webserver, check for possible directory traversal attacks.

Net cannot be used to gain full control of a host, but can establish null sessions on weakly protected Windows hosts for example or to gain information on the network the host is connected to.
Affected Systems  
Attack Scenarios A web request for the command "net".
Ease of Attack Simple.
Corrective Action Protect "net.exe" from remote usage. Remove the file completly if it is
not needed.
Additional References