IPS Signature for RDP Connects?

Unanswered Question
Oct 15th, 2008

First off we're trying to phase out our snort box and move onto our under-used IPS that we got. I've been trying to match the snort alerts we get to alerts that IPS can give. The one that I haven't seen or didn't realize it was the one I wanted, was RDP connections.

Our current snort notifies us when there is a RDP connection from the VPN to a server. Is there a sig thats already built in that detects this or is it something that I might have to build. If it is the later, how would you go about creating a signature for that?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
abinjola Thu, 10/16/2008 - 10:33

Using Custom Signature Wizard you need to create your own signature for this RDP traffic

kylehughes Wed, 04/22/2009 - 07:12

No I haven't, but that project has semi been put on the back burner. I will try and update the thread if we figure out a sig


This Discussion