The rule detects RDP connection setup traffic containing the specific byte sequence "04 37 00 00" in the payload. The presence of this sequence could indicate the use of the Georgian keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "04 05 00 00" in the payload. The presence of this sequence could indicate the use of the Czech keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "06 04 00 00" in the payload. The presence of this sequence could indicate the use of the Danish keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "09 04 00 00" in the payload. The presence of this sequence could indicate the use of the English_United_States keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "04 36 00 00" in the payload. The presence of this sequence could indicate the use of the Afrikaans keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "04 04 00 00" in the payload. The presence of this sequence could indicate the use of the Chinese_Taiwan keyboard layout during the RDP session setup.
The rule detects RDP connection setup traffic containing the specific byte sequence "04 1a 00 00" in the payload. The presence of this sequence could indicate the use of the Croatian keyboard layout during the RDP session setup.
This alert is triggered when detecting a potential SYN Flood attak. In the attack, the attacked server, has been overwhelmed by the flood of SYN requests, eventually reaches its limit for pending connections and cannot accept any new legitimate connection requests from other clients. This results in a denial of service for legitimate users who are unable to connect to the server.
This alert is triggered when detecting an SMBv3 data compression response communication. SMBv3 is a network protocol used to provide shared access to files, printers, and other communication on a network. Data compression is the process of reducing the size of data files for storage by finding and eliminating redundancy in data. This alert may be triggered when an adversary is attempting to exploit a vulnerability in the SMBv3 Data compression process.
This alert is triggered when detecting an attempt to access the VxWorks Debug Service. VxWorks is a real-time operating system (RTOS) developed by Wind River Systems. The debug service in VxWorks is a feature used by developers for troubleshooting and optimization; however, it can disclose sensitive information if it's improperly secured. This alert may be triggered when an adversary is attempting to exploit the VxWorks Debug Service by sending crafted packets to port 17185 in order to extract sensitive information, such as configuration data or operational details of the targeted device.