NETBIOS -- Snort has flagged traffic on the NetBIOS protocol, which is used to share files across a local network.
NETBIOS MikroTik RouterOS buffer overflow attempt
This event is generated when an attacker attempts to exploit a buffer overflow vulnerability present in the MikroTik RouterOS NetBIOS service.
Attempted User Privilege Gain
The rule checks for an attempt to exploit a buffer overflow vulnerability present in the MikroTik RouterOS NetBIOS service.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2018-7445
A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it. All architectures and all devices running RouterOS before versions 6.41.3/6.42rc27 are vulnerable.