Connection to SMB server with no password (SMB_Empty_Password_Failed)

About this signature or vulnerability

Proventia Server IPS for Linux technology, RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, RealSecure Server Sensor, RealSecure Network, Virtual Server Protection for Vmware:

This signature detects when an unsuccessful login attempt with no password is made to an SMB server.


Default risk level

High

Sensors that have this signature

Proventia Server IPS for Linux technology: 1.0, RealSecure Desktop Protector 3.6: enw, Proventia Network IPS: XPU 1.42, RealSecure Desktop: enw, Proventia-G 1.1 and earlier: XPU 22.35, Proventia Desktop: 8.0.614.1, Proventia Network IDS: XPU 22.35, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: XPU 1.35, BlackICE Agent for Server: 3.6eof, BlackICE PC Protection: 3.6cpa, BlackICE Server Protection: 3.6.cpa, RealSecure Server Sensor: XPU 22.35, RealSecure Network: XPU 22.35, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Windows, Samba Samba, Microsoft Windows 95, Microsoft Windows NT: 4.0, Microsoft Windows 98, Microsoft Windows 98SE, Microsoft Windows 2000, Microsoft Windows Me, Microsoft Windows XP, Microsoft Windows 2003 Server

Type

Suspicious Activity

Vulnerability description

A connection has been made to the SMB server with no password. If this connection is from outside the network, consider the information compromised.

How to remove this vulnerability

No remedy available as of June 2002.

References

Request for Comment document RFC 1244
Site Security Handbook
ftp://ftp.isi.edu/in-notes/rfc1244.txt

ISS X-Force
Connection to SMB server with no password
http://www.iss.net/security_center/static/2358.php

CVE
CVE-1999-0519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0519