Snort Sig ?number? RctrlX rule

 

  • GEN:SID
  • Message
  • Summary
  • Impact
  • Affected Systems
  • Attack Scenarios
  • Ease of Attack
  • False Positives
  • False Negatives
  • Corrective Action
  • Contributors
  • Additional References
  • ????
  • RctrlX Session Established.
  • This event is generated when an RctrlX makes a connection to another windows computer.
  • Could be benign, could be malicious
  • Windows Sever/Workstation 2000, XP, ME, 2003, Vista (32 and 64-bit versions of all)
  • Legit remote administration, or it could be malicious
  • Moderate, attacker must have a valid username/password
  • None known.
  • None known.
  • Disallowing access to shares by firewalling or NTFS ACL's.
  • Rich Rumble <richrumble a+ xinn.org>
  • None.