Description: This event is generated when a remote user attempts to query the X Display Manager Control Protocol (XDMCP).
Impact: Reconnaissance. An attacker may obtain a list of usernames on the remote host.
Corrective: Block inbound XDMCP traffic. Disable XDMCP as a listening service on the remote host unless it is required.