10-15-2008 02:39 PM - edited 03-10-2019 04:19 AM
First off, we're trying to phase out our snort box and move onto our under-used IPS that we got. I've been trying to match the snort alerts we get to alerts that the IPS can give. The one that I haven't seen, or didn't realize was the one I wanted, was RDP connections.
Our current snort notifies us when there is an RDP connection from the VPN to a server. Is there a sig that's already built in that detects this, or is it something that I might have to build? If it is the latter, how would you go about creating a signature for that?
Thanks
10-16-2008 10:33 AM
Using the Custom Signature Wizard, you need to create your own signature for this RDP traffic.
04-22-2009 04:55 AM
Kyle -
Did you ever find (or write) a signature to detect RDP connections? I'm specifically looking to detect RDP connections over non-standard ports (similar to the SSH over non-standard ports signature that exists).
04-22-2009 07:12 AM
No, I haven't, but that project has semi been put on the back burner. I will try and update the thread if we figure out a sig.
04-22-2009 07:14 AM
Hi Kyle,
Try to use the link below to search for the specific signature you want.
http://tools.cisco.com/security/center/search.x
Regards
Ritesh Malviya
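The thread does not arrive at a signature. As an added example (not from any poster and not Cisco IPS syntax), the Python below shows the bytes a port-independent RDP signature would key on: the client's first payload, a TPKT header followed by an X.224 Connection Request, optionally carrying an RDP cookie and negotiation request. The function names, the sample user name and port 8443 are constructed for illustration.

```python
import struct

RDP_PORT = 3389

def build_cr(var: bytes) -> bytes:
    """Constructed test input: TPKT + X.224 Connection Request + variable part."""
    x224 = bytes([6 + len(var), 0xE0, 0, 0, 0, 0, 0]) + var
    return b"\x03\x00" + struct.pack(">H", 4 + len(x224)) + x224

def classify(payload: bytes, dst_port: int):
    """Inspect the first client payload of a TCP session.

    Returns None if it is not a TPKT/X.224 Connection Request, otherwise a dict
    with the RDP-specific markers found and whether the port is non-standard."""
    if len(payload) < 11:
        return None
    version, reserved, tpkt_len = struct.unpack(">BBH", payload[:4])
    if version != 3 or reserved != 0 or not 11 <= tpkt_len <= len(payload):
        return None
    li, code = payload[4], payload[5]
    # LI counts every X.224 header byte after itself; 0xE0 is Connection Request.
    if li != tpkt_len - 5 or code != 0xE0 or payload[6:8] != b"\x00\x00":
        return None
    var = payload[11:tpkt_len]
    markers = []
    if var.startswith(b"Cookie: "):  # mstshash= cookie or msts= routing token
        end = var.find(b"\r\n")
        if end == -1:
            return None
        markers.append("cookie")
        var = var[end + 2:]
    # RDP_NEG_REQ: type 0x01, flags, length 0x0008 (LE), requestedProtocols (LE)
    if len(var) >= 8 and var[0] == 0x01 and var[2:4] == b"\x08\x00":
        markers.append("neg_req")
    return {
        "rdp_markers": markers,
        # Bare TPKT/X.224 is shared with other ISO-on-TCP protocols, so only
        # treat the session as RDP with confidence when a marker is present.
        "confidence": "high" if markers else "low",
        "nonstandard_port": dst_port != RDP_PORT,
    }

if __name__ == "__main__":
    neg = b"\x01\x00\x08\x00" + struct.pack("<I", 3)  # constructed sample
    print(classify(build_cr(b"Cookie: mstshash=user1\r\n" + neg), 8443))
    print(classify(b"SSH-2.0-OpenSSH_5.1\r\n", 3389))
```

Matching on the payload rather than on port 3389 is what makes the non-standard-port case detectable; the same byte offsets can be carried into a custom signature on whichever sensor is in use.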