This event is generated when an attacker attempts to trigger a denial of service in a Samba internal DNS resolver.
Detection of a Denial of Service Attack
Rule checks for an attempt to trigger a denial of service in a Samba DNS resolver.
Ease of Attack:
What To Look For
No public information
No known false positives
MITRE ATT&CK Framework
For reference, see the MITRE ATT&CK vulnerability types here:
CVE Additional Information
CVE-2014-0239: The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
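The missing check from the CVE description, as an added example (not Samba's code and not part of the original rule page): a simplified in-memory model of a DNS listener that tests the QR bit before replying, with two such listeners passed a message back and forth to compare reply counts with and without the check. The function names, the sample messages and the reply cap are assumptions made for illustration.

```python
import struct

DNS_HEADER_LEN = 12
QR_MASK = 0x8000  # top bit of the flags word: 0 = query, 1 = response


def reply_to(datagram, check_qr):
    """Hypothetical listener model: return the reply bytes, or None to stay silent."""
    if len(datagram) < DNS_HEADER_LEN:
        return None  # truncated header: nothing to answer
    msg_id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", datagram[:DNS_HEADER_LEN])
    if check_qr and flags & QR_MASK:
        return None  # message is itself a response: drop it
    # Simplified reply: echo the ID and question section, set QR, no answer records.
    header = struct.pack("!6H", msg_id, flags | QR_MASK, qd, 0, 0, 0)
    return header + datagram[DNS_HEADER_LEN:]


def count_replies(first, check_qr, cap=100):
    """Pass a message back and forth between two identical listeners in memory."""
    sent, msg = 0, first
    while sent < cap:
        msg = reply_to(msg, check_qr)
        if msg is None:
            break
        sent += 1
    return sent


# Constructed sample input: an A/IN question for example.com.
QUESTION = b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
SAMPLE_QUERY = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) + QUESTION
SAMPLE_RESPONSE = struct.pack("!6H", 0x1234, 0x8180, 1, 0, 0, 0) + QUESTION

if __name__ == "__main__":
    for name, msg in (("query", SAMPLE_QUERY), ("response", SAMPLE_RESPONSE)):
        for check in (False, True):
            print(name, "check_qr=%s" % check, "replies:", count_replies(msg, check))
```

The cap only bounds the model; with the QR test disabled, nothing in the exchange itself ends it.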