| | IP Address | Port | Hostname |
|---|---|---|---|
| Source | 208.82.213.132 (United States) | ms-term-serv (3389) | |
| Destination | (local) | 50000 | |
Description:
- DB2 DoS. See the following for details:
False Positive:
- YES
- Rule is reasonably well crafted. It should not commonly be a false positive.
- In this case, the user's ephemeral port is 50000, which happens to match the port in the rule.
- The session also carries a significant amount of RDP traffic, some of which happens to trigger the rule's byte matching.
Action:
- None
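
The reasoning above can be turned into a repeatable triage check. This is an added example, not part of the original analysis or of any IDS product; the service-port list, the `Alert` fields and the second sample alert are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Default ephemeral (client-side) source port ranges; 50000 is inside both.
EPHEMERAL_RANGES = {
    "iana_windows": (49152, 65535),   # IANA dynamic range, Windows Vista and later
    "linux_default": (32768, 60999),  # Linux net.ipv4.ip_local_port_range default
}
# Ports treated as the server side of a flow (assumption: extend per site).
KNOWN_SERVICE_PORTS = {22, 25, 53, 80, 443, 445, 3389}

@dataclass
class Alert:
    rule_port: int   # port the signature is keyed on (50000 for the rule above)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

def is_ephemeral(port: int) -> bool:
    return any(lo <= port <= hi for lo, hi in EPHEMERAL_RANGES.values())

def triage(alert: Alert) -> tuple[str, str]:
    """Return (verdict, reason) for an alert raised by a port-keyed rule."""
    if alert.dst_port != alert.rule_port:
        return ("not_applicable", "destination port is not the rule's port")
    # Traffic *from* a service port *to* an ephemeral port is the reply half of
    # a client session: the local host picked the port, nothing listens on it.
    if alert.src_port in KNOWN_SERVICE_PORTS and is_ephemeral(alert.dst_port):
        return ("likely_false_positive",
                f"reply traffic from service port {alert.src_port} to an "
                f"ephemeral client port that collides with {alert.rule_port}")
    # Otherwise the peer chose to connect to the rule's port: keep investigating.
    return ("review", "flow is directed at the rule's port, not a reply flow")

# The alert from the table above.
PAGE_ALERT = Alert(50000, "208.82.213.132", 3389, "(local)", 50000)
# Constructed contrast case: a client with a high source port connecting to 50000.
CONSTRUCTED_ALERT = Alert(50000, "198.51.100.7", 51515, "(local)", 50000)

if __name__ == "__main__":
    for a in (PAGE_ALERT, CONSTRUCTED_ALERT):
        print(a.src_ip, a.src_port, "->", a.dst_port, triage(a))
```

A `likely_false_positive` verdict only explains the port match; confirming that a service is not actually listening on the destination port remains part of the triage.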