""ET POLICY Remote Desktop AeroAdmin handshake""
SID: 2035467
Revision: 2
Class Type: policy-violation
Metadata: affected_product Windows_XP_Vista_7_8_10_Server_32_64_Bit, attack_target Client_Endpoint, created_at 2022_03_16, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2022_03_16
Reference:
-
md5
-
5003c00cdd28d6d1461e9a6a76c544a6
Protocol: tcp
Source Network: $HOME_NET
Source Port: any
Destination Network: $EXTERNAL_NET
Destination Port: 443
Flow: established,to_server
Contents:
-
Value: "|e1 00 00 00 00|" Depth: 5
-
Value: "|0d 00 00 d8 00 00 00 4d 49 47 64 4d 41|"
Within: 13
PCRE:
Special Options:
- fast_pattern