GEN:SID 1:2924
Message NETBIOS SMB-DS repeated logon failure
Summary This event is generated when repeated failed attempts are made to access
an SMB share.
Impact Unknown. Possible information disclosure and loss of data.
Detailed Information This event indicates that multiple failed attempts have been made to
access an SMB network share. This may indicate a determined effort by an
unauthorized user to access information and data on a network share.
Affected Systems All systems sharing resources using SMB
Attack Scenarios An attacker can make repeated attempts to access network shares in an
attempt to gain information.
Ease of Attack Simple. No exploit software required.
Corrective Action Apply strict access control to all networked resources.
Additional References