After Tenable announced that they are going to have operating system
detection based on Remote Desktop fingerprinting available to Direct
Feed customers (http://blog.tenablesecurity.com/2007/10/windows-operati.html),
I thought it would be great to figure out how they are doing that.
Unfortunately, I can't seem to locate any good technical documentation
on how RDP does what it does.
I considered looking at the Linux programs that use it (rdesktop) and
trying to read their code, but I don't write code myself so it would
be hit or miss.
RDP is Microsoft's baby and I don't know where to look for in-depth docs on it.
Does anyone have a link or two to some helpful stuff that would help
me break the code? Or will I just need to figure it out the hard way?
Thanks!
-Jason
--
NOTICE: This email is being sent in clear-text across the public
Internet. Therefore, any attempts to include unenforceable legalese
restrictions are ridiculous and pointless. If you can read this,
consider yourself authorized (whether I like it or not).