Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2418 |
| Message | MISC MS Terminal Server no encryption session initiation attempt |
| Summary | This event is generated when an attempt is made to connect to a Microsoft Terminal Server without using encryption. |
| Impact | Serious. Denial of Service. |
| Detailed Information | Microsoft Windows Terminal Server for NT systems fails to correctly validate RDP data from client machines that do not use encryption. |
| Affected Systems | Microsoft Windows Terminal Server |
| Attack Scenarios | An attacker can use one of the publicly available exploit scripts to cause the DoS. |
| Ease of Attack | Simple. Exploit software exists. |
| Corrective Action | Apply the appropriate vendor supplied patch. |
| Additional References | |
| Rule References | url: www.microsoft.com/technet/security/bulletin/MS01-052.mspx |
--
DID:883901
--
http://www.aanval.com/