GEN:SID 1:1448
Message MISC MS Terminal server request
Summary This event is generated when a request is sent to the Microsoft
Terminal Server port.
Impact Denial of service. Sending repeated requests may cause a denial of
service by consuming all available memory resources.
Detailed Information A flaw exists in the Microsoft Terminal Server port on certain versions
of Windows that may cause a denial of service of the vulnerable host by
consuming all available memory resources.  This attack requires multiple
packets to cause a denial of service.
Affected Systems Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server
Microsoft Windows NT Terminal Server 4.0
Attack Scenarios An attacker may attempt to cause a denial of service against a
vulnerable server by sending repeated requests.
Ease of Attack Simple.
Corrective Action Apply the patches discussed in Microsoft Security Bulletin MS01-040.
Block access to the Microsoft Terminal Server port from outside the
protected network.
Additional References CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0540
Rule References bugtraq: 3099
cve: 2001-0540
url: www.microsoft.com/technet/security/bulletin/MS01-040.mspx