Signature Detail
Short Name |
SCAN:METASPLOIT:SMB-ACTIVE |
|---|---|
Severity |
High |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
SCAN |
Keywords |
Metasploit SMB Activity |
Release Date |
2004/12/13 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SCAN: Metasploit SMB Activity
This signature detects traffic generated by the open-source exploiting tool Metasploit Framework. Other signatures can also trip. This indicates that someone is using this tool on your network. Follow-up investigation of source or target machines might be required.
Extended Description
Extensive SMB protocol scanning on the network is a good sign that someone is trying to search for vulnerable systems within the network. Attackers may be using code from the Metasploit archives to compromise vulnerable systems.
References
- CVE: CVE-2004-1154
- URL: http://www.metasploit.com/