icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

Terminal Services Web Detection

Info

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host appears to be configured to facilitate the client download of an ActiveX Terminal Services Client. Users can access the web page and click a 'connect' button that will prompt a client-side download of a .cab file that will be used to connect the client directly to a terminal services server using Remote Desktop Protocol -- RDP. You will want to manually inspect this page for possible information regarding systems offering RDP access, system information, IP addressing information, and more.

Solution

Password protect access to the 'tsweb' resource.