I'm looking to see if anyone has any information to block repeated failed RDP requests using an IPS module in my Cisco ASA 5520. I've reviewed the article at https://supportforums.cisco.com/thread/2102624 and followed the steps.
It seems like the IPS is getting "some" but not all the attempts. Ill get notifications that x.x ip address was blocked on this signature, yet other servers repeatedly get pounded with bad RDP requests.
Anyone have a sure fire way to have the IPS inspect all traffic for bad RDP requests?