SERVER-SAMBA -- Snort has detected traffic exploiting vulnerabilities in Samba servers.
SERVER-SAMBA Samba unsigned connections attempt
This event is generated when signing is not correctly enforced on an SMB connection, which may lead to connection hijacking.
Attempted User Privilege Gain
There are specific Samba commands that do not enforce signing of the Samba connection even when signing is explicitly required. This lack of enforcement could lead to hijacking of the connection: because the traffic is not encrypted, the information could be intentionally modified in a man-in-the-middle attack.
Ease of Attack:
What To Look For
No public information
No known false positives
Cisco Talos Intelligence Group