Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Terminal Services Web Detection

Info

Synopsis

The remote host may give an attacker information useful for future attacks.

Description

The remote host appears to be configured to facilitate the client download of an ActiveX Terminal Services Client. Users can access the web page and click a 'connect' button that will prompt a client-side download of a .cab file that will be used to connect the client directly to a terminal services server using Remote Desktop Protocol -- RDP. You will want to manually inspect this page for possible information regarding systems offering RDP access, system information, IP addressing information, and more.

Solution

Password protect access to the 'tsweb' resource.