This indicates an attempt to use DRDA (Distributed Relational Database Architecture), a database interoperability standard implemented in IBM DB2 and some other popular database software. It does not indicate any attack or exploit.
Risk
Low
Popularity
Low
Characteristic
Loss of productivity? Have disclosed vulnerability? Can bypass firewall policy? Contain built-in function for other purposes? Can communicate in clear text or via proxy? Can support file transfer? Can be misused? Can tunnel other apps?
Affected Applications
DRDA
Recommended Actions
You may set the signature to "BLOCK" if this kind of traffic is undesirable.