Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 APP:RDP-BRUTE-FORCE

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 APP

Keywords

 Windows Remote Desktop Protocol (RDP) Brute Force Attempt

Release Date

 2011/09/01

Update Number

 1984

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Windows Remote Desktop Protocol (RDP) Brute Force Attempt


This signature detects numerous Windows Remote Desktop Protocol (RDP) connections between two peers in a short period of time, which can be an indication of a Brute Force Attack (also known as a "Dictionary Attack"). An attacker may be attempting to guess valid credentials on an RDP-enabled Windows PC. A successful attack could result in arbitrary code execution with the privileges of the compromised credentials.

References

  • URL: http://en.wikipedia.org/wiki/Remote_Desktop_Protocol
  • URL: http://www.itu.int/rec/T-REC-T.128
  • URL: http://www.symantec.com/security_response/writeup.jsp?docid=2011-082908-4116-99

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out