
IPS Signature for RDP Connects?

kylehughes
Level 1

First off, we're trying to phase out our Snort box and move on to our under-used IPS that we got. I've been trying to match the Snort alerts we get to alerts that the IPS can give. The one that I haven't seen, or didn't realize was the one I wanted, was RDP connections.

Our current Snort notifies us when there is an RDP connection from the VPN to a server. Is there a sig that's already built in that detects this, or is it something that I might have to build? If it is the latter, how would you go about creating a signature for that?

Thanks

4 Replies

abinjola
Cisco Employee

Using the Custom Signature Wizard, you need to create your own signature for this RDP traffic.

elevin
Level 1

Kyle -

Did you ever find (or write) a signature to detect RDP connections? I'm specifically looking to detect RDP connections over non-standard ports (similar to the SSH over non-standard ports signature that exists).

No, I haven't, but that project has semi been put on the back burner. I will try and update the thread if we figure out a sig.

Hi Kyle,

Try using the link below to search for the specific signature you want.

http://tools.cisco.com/security/center/search.x

Regards

Ritesh Malviya
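
For the question in this thread about alerting on RDP connections, including ones on non-standard ports, the following is an added example (not from any poster here, and not a Cisco IPS or Snort signature). It recognizes RDP by content, matching the TPKT header and X.224 Connection Request that an RDP client sends first, instead of by port 3389. The function names are hypothetical, and the flow tuples, addresses and payload bytes are constructed sample data.

```python
import struct

RDP_PORT = 3389  # default RDP listener port

def parse_rdp_cr(payload: bytes):
    """Parse a flow's first client payload as TPKT + X.224 Connection Request.
    Returns a dict of RDP markers, or None if the bytes do not look like RDP."""
    if len(payload) < 11:
        return None
    version, reserved, tpkt_len = struct.unpack("!BBH", payload[:4])
    if version != 3 or reserved != 0 or not 11 <= tpkt_len <= len(payload):
        return None
    li, code, dst_ref, _src, _cls = struct.unpack("!BBHHB", payload[4:11])
    # LI counts the X.224 bytes after the LI byte itself; 0xE0 is the CR code.
    if li != tpkt_len - 5 or code != 0xE0 or dst_ref != 0:
        return None
    variable = payload[11:tpkt_len]
    cookie = None
    if variable.startswith(b"Cookie: ") and b"\r\n" in variable:
        line, variable = variable.split(b"\r\n", 1)
        cookie = line[8:].decode("ascii", "replace")
    # RDP_NEG_REQ: type 0x01, flags, length 8 (little-endian), requestedProtocols
    neg = len(variable) >= 8 and variable[0] == 0x01 and variable[2:4] == b"\x08\x00"
    if cookie is None and not neg:
        return None  # other ISO-on-TCP traffic also uses TPKT/X.224
    return {"cookie": cookie, "neg_req": neg}

def rdp_alerts(flows):
    """flows: iterable of (src, dst, dport, first_client_payload) tuples."""
    alerts = []
    for src, dst, dport, payload in flows:
        info = parse_rdp_cr(payload)
        if info:
            alerts.append({"src": src, "dst": dst, "dport": dport,
                           "non_standard_port": dport != RDP_PORT, **info})
    return alerts

def build_sample_cr(variable: bytes) -> bytes:
    """Build a constructed Connection Request for the sample data below."""
    x224 = struct.pack("!BBHHB", 6 + len(variable), 0xE0, 0, 0, 0) + variable
    return struct.pack("!BBH", 3, 0, 4 + len(x224)) + x224

# Constructed sample flows (documentation address ranges, made-up payloads).
NEG_REQ = bytes.fromhex("0100080001000000")
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", 3389, build_sample_cr(b"Cookie: mstshash=user1\r\n" + NEG_REQ)),
    ("192.0.2.11", "198.51.100.6", 8443, build_sample_cr(NEG_REQ)),
    ("192.0.2.12", "198.51.100.7", 8443, bytes.fromhex("1603010200010001fc0303") + bytes(20)),
    ("192.0.2.13", "198.51.100.8", 102, build_sample_cr(bytes.fromhex("c1020100c2020102c0010a"))),
]
```

The same byte pattern (`03 00` at offset 0, `E0` at offset 5) is what a custom content signature would match on the first client packet; the cookie or negotiation-request check is what separates RDP from other TPKT traffic such as the port 102 sample.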
