Juniper Networks

Signature Detail


Short Name

SMB:ENUM:NAME-LOOKUP

Severity

Low

Recommended

No

Category

SMB

Keywords

smb name lookup user2sid WAN

Release Date

2004/01/29

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

SMB: Name Lookup


This protocol anomaly is the \pipe\lsarpc (Local Security Authority) named pipe transaction used to execute the LookupAccountName function. Programs such as user2sid and Hyena use this named pipe transaction to validate usernames on the target host. Because this type of traffic is common between domain controllers, this protocol anomaly should be used to inspect WAN traffic only.

Extended Description

None

References

  • URL: http://www.systemtools.com
  • URL: http://www.chem.msu.su/~rudnyi/NT/sid.txt

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.