RDP protocol component error message 2 days in a row on multiple systems

I have seen the following error message on multiple systems 2 days in
a row:

"The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client"

I've seen the KB articles relating to this message and believe that
it's the result of someone scanning for an RDP vulnerability.

Has anyone else seen this error message lately?

Thanks,

--------------------------------------
Jason Merriman, Senior Site Manager
AboveNet
--------------------------------------

Is the server Windows 2000? If yes, what service pack

It looks like this was fixed in SP3

http://support.microsoft.com/defaul...=kb;en-us;31231
http://support.microsoft.com/?id=32989

Patrick Rous
Microsoft MVP - Terminal Serve
http://www.workthin.co

----- Revision wrote: ----

I have seen the following error message on multiple systems 2 days i
a row

"The RDP protocol component X.224 detected an error in the protoco
stream and has disconnected the client

I've seen the KB articles relating to this message and believe tha
it's the result of someone scanning for an RDP vulnerability

Has anyone else seen this error message lately

Thanks

-------------------------------------
Jason Merriman, Senior Site Manage
AboveNe
-------------------------------------

Jason, I have also had a similar rash (on all boxes in the subnet) of
these errors so it definitely has the appearance of a scan. I would
guess Password harvester except I don't know how that would generate
an error - since Term Srvcs doesn't log (does it??) no way of knowing
that kind of activity. You seem to imply that you have seen KB info
re: RDP scanning - can you post that information, thanks. I have not
found anything on this topic other than your post.