""ET POLICY Tunneled RDP msts Handshake""
SID: 2027192
Revision: 1
Class Type: bad-unknown
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2019_04_11, deployment Perimeter, signature_severity Minor, updated_at 2019_04_11
Reference:
Protocol: tcp
Source Network: any
Source Port: [21,22,23,25,53,80,443,8080]
Destination Network: any
Destination Port: !3389
Flow:
Contents:
-
Value: "|03 00 00|" Depth: 3
-
Value: "|e0|"
-
Value: "Cookie|3a 20|mstshash="
Within: 17
PCRE:
Special Options: