virus logo Intrusion Prevention

MS.RDP.Connection.Brute.Force

description-logoDescription

This indicates detection of an attempted brute force attack on Microsoft Remote Desktop Protocol (RDP).
The attack consists of multiple RDP requests intended to conduct a brute force RDP login, launched at a rate of about 2000 times within a second. The threshold is configurable based on user's environment.

affected-products-logoAffected Products

Microsoft Remote Desktop Protocol

Impact logoImpact

Impact of a successful attack could vary, with the worse case being a system compromise.

recomended-action-logoRecommended Actions

Adjust the threshold to your network.
Monitor the traffic from that network for any suspicious activity.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2019-04-03 14.585
Modified
 Sig Added
ID 33106
Created Sep 19, 2012
Updated Dec 16, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Default Action pass
Active
Affected OS Windows
Affected App Other
Profile Type Anomaly