|Source||18.104.22.168 (United States)||ms-term-serv (3389)|
- DB2 DoS. See the following for details:
- Rule is reasonably well crafted. It should not commonly be a false positive.
- In this case, the ephemeral port for a user is 50000 which happens to match the rule.
- There is also a significant amount of RDP traffic which happens to trigger the byte matching.