GEN:SID | 1:2950 |
Message | NETBIOS SMB too many stacked requests |
Summary | This event is generated when multiple stacked SMB requests are made.
|
Impact | Possible IDS evasion.
|
Detailed Information | This event is generated when multiple stacked SMB requests are detected. This behavior does not occur on a regular basis in normal network traffic. This event may indicate an attempt to evade an IDS.
|
Affected Systems | All systems using SMB.
|
Attack Scenarios | An attacker might create multiple stacked SMB requests in an attempt to bypass an IDS.
|
Ease of Attack | Simple.
|
Corrective Action | Apply the appropriate vendor supplied patches
Disallow the use of SMB.
|
Additional References | |