SMB shut down request has been detected (SMB_Shutdown_Request)

About this signature or vulnerability

RealSecure Server Sensor, IBM Security Host Protection for Servers (Windows), Proventia Network IPS, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Virtual Server Protection for VMware, IBM Security Host Protection for Desktops, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network MFS:

This signature detects an SMB client request to perform a system shutdown.


Default risk level

Low

Sensors that have this signature

RealSecure Server Sensor: XPU 22.31, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network IPS: 2.0, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0, IBM Security Host Protection for Desktops: 8.0.614.1, Proventia-G 1.1 and earlier: XPU 22.31, Proventia Network IDS: XPU 22.31, Proventia Network MFS: XPU 1.29

Systems affected

Microsoft Windows, Unix, SMB

Type

Suspicious Activity

Vulnerability description

SMB (Server Message Block) is a client-server protocol used for file and printer sharing on Microsoft Windows and Unix-based operating systems. A client has attempted to shut down a service by sending an SMB command.

How to remove this vulnerability

This event is for informational purposes only.

References

What is SMB? Web site
Just what is SMB?
http://samba.anu.edu.au/cifs/docs/what-is-smb.html

Server Message Block Protocol
Server Message Block Protocol
http://members.microsoft.com/consent/info/protocol_pages%5Cportal_server_message_block_protocol.htm

ISS X-Force
SMB shut down request has been detected
http://www.iss.net/security_center/static/16155.php