OS-WINDOWS -- Snort has detected traffic targeting vulnerabilities in a Windows-based operating system. This does not include browser traffic or other software on the OS, but attacks against the OS itself.
OS-WINDOWS Microsoft Windows Terminal server RDP over non-standard port attempt
This event is generated when an attempt to bypass RDP and get lateral access to other devices, has been detected Impact: High Details: An attacker can get access to several devices using a compromised Windows computer that is located behind a Firewall that allows RDP access (configured previously by the Firewall administrator) to that computer. The attacker can force the victim computer to forward RDP requests to other internal computers or servers in an attempt to move laterally inside the victim network Ease of Attack: Medium. It will require already access to a compromised computer inside the target network
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
None
No information provided
None