[Snort-sigs] False positive: MISC MS Terminal Server no encryption session initiation attempt (SID 2418)
r.fulton at ...575...
Thu Feb 8 21:04:20 EST 2007
On 8/02/2007, at 3:39 AM, Stephan Scholz wrote:
> I'd like to report a false positive concerning Windows Remote Desktop.
> Rule: MISC MS Terminal Server no encryption session initiation
> False Positives:
> Update Windows XP SP2 client with optional update: "Remote Desktop
> Connection (Terminal Services Client 6.0) for Windows XP (KB925876)"
> Connect to an RDP server. This will lead to a false positive.
Ah, so that's it! I've been seeing these for some time and no one
could explain them.
Can this rule be tightened or should it be dropped?
More information about the Snort-sigs