locked
CVE-2010-0231 - SMB: User Password Brute-force Attempt RRS feed

  • Question

  • Hola gente.

    Tengo una consulta.

    Nos hemos dado cuenta recientemente que algunos servidores que tenemos en DMZ (Windows 2003, 2008) a la hora de acceder a un recurso de red de un equipo de dominio (Windows 2008 R2 en este caso) a traves de \\servidor_destino este genera unas 80 conexiones constantes hasta que pide login y password. Y no siempre da el mensaje de login a la primera.

    Esto lo sabemos porque el firewall Palo Alto que tenemos nos muestra los mensajes de bloqueo por intento de ataque por fuerza bruta.

    SMB: User Password Brute-force Attempt

    Según Palo Alto es una vulnerabilidad registrada con la referencia CVE-2010-0231 y Microsoft la tiene registrada como MS10-012 de 2010.

    CVE-2010-0231

    https://live.paloaltonetworks.com/t5/Threat-Articles/Brute-Force-Signature-and-Related-Trigger-Conditions/ta-p/52284

    https://technet.microsoft.com/es-es/library/security/ms10-012.aspx

    He comprobado en mi WSUS que estuviese aprobado el parche y si lo está.

    ¿Qué sucede? ¿Alguien sabe si hay forma de controlar este número de intentos de conexiónes simultaneas cuando intento hacer login desde un equipo de DMZ?

    Saludos.

    Tuesday, June 28, 2016 10:45 AM

All replies

  • I have this problems too.

    Did you solves this case?

    Thursday, June 18, 2020 8:01 AM
  • Hola Phearak Sem

     

    Thank you for your response in the TechNet forums. I'm informing you that this thread will be closed due to its antiquity. If you have a question or query similar to this or a new one, please open a new thread.

     

    We also thank you very much for your response and collaboration.

     

    If you have any questions about Microsoft products, please contact us. It's a pleasure to inform you.

    Thank you for using the TechNet forums.

     

     

    Miguel Mosquera

     

    --------------------------------------------------------------------------

     

    Please remember to "Mark as Response" the answers that have solved your problem, it is a common way to recognize those who have helped, and it makes it easier for other visitors to find the solution later.

     

    Microsoft offers this service free of charge, with the aim of helping users and expanding the knowledge base related to Microsoft products and technologies. 

     

    This content is provided "as is" and does not imply any responsibility on the part of Microsoft.

    Thursday, June 18, 2020 10:54 AM
    Moderator