[Snort-sigs] False positive: MISC MS Terminal Server no encryption session initiation attempt (SID 2418)

Russell Fulton r.fulton at ...575...
Thu Feb 8 21:04:20 EST 2007


On 8/02/2007, at 3:39 AM, Stephan Scholz wrote:

> I'd like to report a false positive concerning Windows Remote Desktop.
>
>
>
> Rule:  MISC MS Terminal Server no encryption session initiation  
> attempt
>
>
> --
> False Positives:
> Update Windows XP SP2 client with optional update: "Remote Desktop  
> Connection (Terminal Services Client 6.0) for Windows XP (KB925876)"
> Connect to an RDP server. This will lead to a false positive.

Ah, so that's it!  I've been seeing these for some time and no one  
could explain them.

Can this rule be tightened or should it be dropped?

Russell






More information about the Snort-sigs mailing list