| CPUG | |
| The Check Point User Group | |
| A Resource For The Check Point Community. Fast. Useful. Independent. | |
Hello,

We've enabled 3389/tcp for accessing a database system running on Windows 2003 Server in DMZNet-2. We're using SmartDefense / Application Intelligence / Remote Control Applications / RDP Enforcement - so far so good with Windows < Vista. If we access our database system with a Vista frontend, SmartDefense recognizes an RDP Buffer Overflow and drops the connection:

Number: 163504
Date: 7Feb2007
Time: 9:35:19
Product: SmartDefense
Interface: eth4
Origin: sg1 (xx.xx.xx.xx)
Type: Log
Action: Drop
Protocol: tcp
Service: tcp-3389 (3389)
Source: 80.109.137.158
Destination: xx.xx.xx.xx
Source Port: 49223
Attack Name: RDP Buffer Overflow
Attack Information: Microsoft Windows RDP DoS Exploit Attempt Detected

I'm wondering if anybody has an idea how to leave SmartDefense / RDP enforcement enabled and not in monitoring-only mode.

Thanks in advance for any input.

Kind regards,
Oliver
There is an SK article on this from the past few weeks. There currently is no fix other than going to monitor-only. It has something to do with changes MS made. If you install the "recommended" RDP thing from WindowsUpdate, you get the same thing happening.

Ray