Just for anyone else with the same problem here is a summary of what you should expect to see in SmartView Tracker.
Product: SmartDefense Action: Drop Protocol: tcp Service: RDP_Windows (3389) Attack Name: RDP Buffer Overflow Attack Information: Microsoft Windows RDP DoS Exploit Attempt Detected To disable RDP enforcement in SmartDefense go to the SmartDefense tab in SmartDashboard -> Application Intelligence -> Remote Control Applications -> (uncheck) "RDP Enforcement". __________________________________________________________________ Jeremy Morrill Project Manager Phillips Academy AIM: zmq503o1 MSN: zmq503o1(at)hotmail.com _________________________________________________________________ -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of sin Sent: Saturday, December 09, 2006 10:56 AM To: [email protected] Subject: Re: [FW-1] Microsoft Remote Desktop Connection 6.0 client update Fred Katsumi wrote: > The new RDP client update from Microsoft > http://support.microsoft.com/kb/925876 seems to be acting a little > different from the version available in XP and 2003. Its traffic > appears to be trapped by SmartDefense as RDP Buffer Overflow where as I > never had any problem with the previous version. Is anybody > experiencing this? I'd appreciate some explanation from experts. > I installed that client and reverted back to the previous version as I experienced problems connecting to some remote machines (I could only connect sporadically to them even though every time I was behind a FW-1 firewall R60+HFA04 ) If in your case Smart Defense blocks the traffic, just disable that check. It's not the first time Smart Defense blocks legitimate traffic. sin ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
