[Snort-users] MS Terminal Server Requests

Parker, Ian parker.ian at ...6018...
Fri Dec 20 10:31:08 EST 2002

I was wondering who created the experimental Snort rule for detecting
malformed RDP packets in an MS terminal server request, SID 1447, and how
they came up with that particular payload. The reason I'm curious is that
every RDP packet to my terminal servers has this payload, so the rule gets
triggered all the time.

Ian Parker, GCWN

Senior Systems Analyst
Upgrading Plant Computing
Syncrude Canada Ltd

parker.ian at ...6018...

More information about the Snort-users mailing list