2007-02-07
oliver
vista RDP, 3389/tcp

hello,

we've enabled 3389/tcp for accessing a database-system running on windows 2003 server in DMZNet-2. we're using smart defense / application intelligence / remote control applications / rdp enforcement - so far so good with windows < vista. if we access our database-system with a vista frontend, smart defense recognizes an RDP Buffer Overflow and drops the connection:

Number: 163504
Date: 7Feb2007
Time: 9:35:19
Product: SmartDefense
Interface: eth4
Origin: sg1 (xx.xx.xx.xx)
Type: Log
Action: Drop
Protocol: tcp
Service: tcp-3389 (3389)
Source: 80.109.137.158
Destination: xx.xx.xx.xx
Source Port: 49223
Attack Name: RDP Buffer Overflow
Attack Information: Microsoft Windows RDP DoS Exploit Attempt Detected

i'm wondering if anybody has an idea how to keep smart defense / rdp enforcement enabled and not in monitoring-only mode.

thanks in advance for any input.

kind regards
oliver