Versions (6)
Version Details: Current
Rev: 3 • Sep 4, 2025, 8:46 AM
TOOLS [PTsecurity] xfreerdp/vinagre/remmina RDP client
alert tcp any any -> any any (msg: "TOOLS [PTsecurity] xfreerdp/vinagre/remmina RDP client"; flow: established, to_server, no_stream; content: "|03 00|"; depth: 2; content: "Duca"; distance: 0; content: "|01 C0|"; distance: 2; within: 2; byte_jump: 2, 0, relative, little, post_offset -4; content: "|04 C0|"; within: 2; byte_jump: 2, 0, relative, little, post_offset -4; content: "|02 C0|"; within: 2; byte_extract: 2, 0, CLIENTNETWORKDATALEN, relative, little; isdataat: !CLIENTNETWORKDATALEN, relative; reference: url, rules.ptsecurity.com; classtype: policy-violation; sid: 10005928; rev: 3;)
Oct 16, 2025, 10:34 AM
rules/ptopen-tools.rules