Versions (4)
Version DetailsCurrent
Rev: 4 • Sep 23, 2010, 12:00 PMGPL NETBIOS SMB-DS repeated logon failure
alert tcp $HOME_NET 445 -> $EXTERNAL_NET any (msg:"GPL NETBIOS SMB-DS repeated logon failure"; flow:from_server,established; content:"|FF|SMB"; depth:4; offset:4; content:"s"; within:1; content:"m|00 00 C0|"; within:4; threshold:type threshold,track by_dst,count 10,seconds 60; classtype:unsuccessful-user; sid:2102924; rev:4; metadata:created_at 2010_09_23, confidence Medium, signature_severity Informational, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2019_07_26;)
Sep 23, 2010, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
Jan 8, 2026, 10:34 PM
rules/emerging-netbios.rules