storme, posted August 7, 2013

G'day All

I have a customer with a computer in their office running "remote desktop"; they use it to access records in the office after hours. Everything was fine until recently, when the remote desktop stopped working "after a while".

Long story short, I eventually worked out that someone had discovered this computer and was hammering it to try and get in. I turned it off for a week; that was as long as I was allowed, as it was "needed". A couple of days later it started crashing again. So they didn't give up on us.

So I'm stuck... changing from "remote desktop" is not an option, I've been told, so hiding is the only option. So I was thinking of the following and wanted some feedback or other options.

1. Change the port that the remote desktop works on at the office. As they aren't real computer literate I'll have to automate the process at the client and server ends. So that means I'll have to change the port mapping on the router and design some way for the clients to know what port it's been changed to.

2. Disable Remote desktop at times when it's not required. {I'm sure someone will complain that he wants to access it at some weird time that no one else wants it, so it will have to be left on all the time.}

OR

2.1 Only enable it when someone wants to access the server. I'm thinking this would lend itself to a simple client/server system where the client runs a program that contacts the server, which switches remote desktop on, then off after the connection is lost.

So I've got a few ideas on how to tackle the problem. But I was wondering, before I get my head down and start coding, if anyone else has a simpler or ready-made solution I haven't thought of.

Thanks for any help!
John Morrison

Some of my small contributions to AutoIt: Browse for Folder Dialog - Automation SysTreeView32 | FileHippo Download and/or retrieve program information | Get installedpath from uninstall key in registry | RoboCopy function
John Morrison aka Storm-E

Emiel Wieldraaijer, posted August 7, 2013 (edited August 7, 2013 by Emiel Wieldraaijer)

Maybe you can activate logging in your router and block traffic from the specified IP in the firewall of the router.

This question should be posted in the Chat section.

Best regards,
Emiel Wieldraaijer

JLogan3o13 (Moderator), posted August 7, 2013

I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array-to-date function, and automatically calls mstsc /v:<server>:<port> for them.

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball
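
The day-based port scheme suggested above, sketched in PowerShell as an added example (not code from any poster in this thread). The port numbers, the firewall rule name and the function names are constructed for illustration; the firewall cmdlets assume Windows 8 / Server 2012 or later, and the router has to forward every port in the table to the server.

```powershell
# Shared table, identical on server and clients (port values are constructed).
$PortByDay = @{
    Sunday   = 49201; Monday = 49217; Tuesday  = 49233; Wednesday = 49249
    Thursday = 49265; Friday = 49281; Saturday = 49297
}

function Get-TodaysRdpPort {
    # UTC on both ends, so a client in another time zone picks the same entry.
    param([datetime]$Date = (Get-Date).ToUniversalTime())
    return $PortByDay[$Date.DayOfWeek.ToString()]
}

function Set-RdpListenerPort {
    # Server side: run elevated from a scheduled task at 00:00 UTC each day.
    $port = Get-TodaysRdpPort
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    Set-ItemProperty -Path $key -Name PortNumber -Value $port -Type DWord

    # Replace yesterday's inbound rule with one for today's port.
    Get-NetFirewallRule -DisplayName 'RDP rotating port' -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName 'RDP rotating port' -Direction Inbound `
        -Protocol TCP -LocalPort $port -Action Allow | Out-Null

    # The listener only picks up the new port after the service restarts,
    # which drops any session that is still connected.
    Restart-Service -Name TermService -Force
}

function Connect-Office {
    # Client side: $Server is a placeholder for the office's public name or IP.
    param([Parameter(Mandatory)][string]$Server)
    $port = Get-TodaysRdpPort
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:${Server}:$port"
}
```

The server runs `Set-RdpListenerPort` once a day; each user gets a shortcut that calls `Connect-Office` with the office address.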

storme (author), posted August 7, 2013

> Maybe you can activate logging in your router and block traffic from the specified IP in the firewall of the router.

It's a remote site from me, so yes it's possible, but if it's a botnet (as suggested by the amount of hits we were getting) it isn't going to help. Also I'd be playing catch-up, as they could just change their IP and I'd have to start again.

Thanks for the suggestion. I'm hoping I've missed something simple.

storme (author), posted August 7, 2013

> I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array-to-date function, and automatically calls mstsc /v:<server>:<port> for them.

That was my original thought as well. I like the day of week<>port idea; it makes sense. The only drawback is I'd also have to change the port mapping on the router so that it could find the server. Which does complicate things a little....

Thanks
John

BigDod, posted August 7, 2013

Could you not set up your router to only allow certain IP addresses through?

Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother

Emiel Wieldraaijer, posted August 7, 2013 (edited August 7, 2013 by Emiel Wieldraaijer)

I haven't heard of a botnet attacking an RDP port.

Further, if someone is hammering your connection you should report it to the provider: resolve the IP and resolve an abuse email address through ripe.net.

If you change the local RDP port you should also change the local Windows firewall.

Best way would be a site-to-site VPN solution.
Allowing only certain IPs is also an option.

Or maybe http://rdpguard.com/

JLogan3o13 (Moderator), posted August 7, 2013

If he is unable to get the customer to agree on an RDP alternative such as TeamViewer, not sure he is going to be able to sell a VPN solution.

storme (author), posted August 7, 2013

> Could you not set up your router to only allow certain IP addresses through?

The IP address will be whatever they have their computers/laptops connected to. So IP address filtering isn't really an option, as I may have to filter a range that one of them uses.

storme (author), posted August 7, 2013

> I haven't heard of a botnet attacking an RDP port.

You may be right there. I don't have any evidence either way.

> Further, if someone is hammering your connection you should report it to the provider: resolve the IP and resolve an abuse email address through ripe.net.

I'll try and get a logger onto the server. Any recommendations on a good one? I don't want to be mucking around with them.

> If you change the local RDP port you should also change the local Windows firewall.

That is why I would prefer to not change it. But I'm sure that could be overcome.

> Best way would be a site-to-site VPN solution.
> Allowing only certain IPs is also an option.
> Or maybe http://rdpguard.com/

Yeah, but I don't think they will come at that.
It's a catch 22 for me.
They WANT the service but they don't want to PAY for it.

Thanks for the advice!!!

Emiel Wieldraaijer, posted August 7, 2013

> They WANT the service but they don't want to PAY for it.

If they don't want to pay, you cannot help them. If they want to work and earn some money they will have to pay to get the job done; otherwise they are the ones having the problem.

storme (author), posted August 8, 2013

> If they don't want to pay, you cannot help them. If they want to work and earn some money they will have to pay to get the job done; otherwise they are the ones having the problem.

That was paraphrasing... I should have said "They want the service to work" and don't want to pay for any extra services to do that. With small businesses that is basically the norm, as they are running on tight budgets anyway...