
Remote Desktop : Moving Port : Suggestions please

storme

G'day All

I have a customer with a computer in their office running "remote desktop"; they use it to access records in the office after hours.

Everything was fine until recently, when the remote desktop stopped working "after a while". Long story short, I eventually worked out that someone had discovered this computer and was hammering it to try and get in. :(

I turned it off for a week; that was as long as I was allowed, as it was "needed". A couple of days later it started crashing again. So they didn't give up on us.

So I'm stuck...changing from "remote desktop" is not an option I've been told so hiding is the only option.

So I was thinking of the following and wanted some feedback or other options.

1. Change the port that the remote desktop works on at the office.

As they aren't real computer literate I'll have to automate the process at the client and server ends.

So that means I'll have to change the port mapping on the router and design some way for the clients to know what port it's been changed to.

2. Disable Remote desktop at times when it's not required.

{I'm sure someone will complain that he wants to access it at some weird time that no one else wants it so it will have to be left on all the time :(}

OR

2.1 Only enable it when someone wants to access the server.

I'm thinking this would lend itself to a simple client/server system where the client runs a program that contacts the server which switches remote desktop on then off after connection is lost.

So I've got a few ideas on how to tackle the problem.  But was wondering before I get my head down and start coding if anyone else has a simpler or ready made solution I haven't thought of.

Thanks for any help!

John Morrison

 

Emiel Wieldraaijer

Maybe you can activate logging in your router and block traffic from the specified IP in the firewall of the router.

This question should be posted in the Chat section

Best regards, Emiel Wieldraaijer

JLogan3o13

I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array to date function, and automatically calls mstsc /v:<server>:<port> for them.


√-1 2^3 ∑ π, and it was delicious!
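
The date-to-port scheme suggested above, sketched in PowerShell as an added example (not code from the thread). The port numbers and the firewall rule name are constructed placeholders, and it assumes the router already forwards every port in the table to the server, so nothing on the router changes from day to day.

```powershell
# Added example: date-based RDP listening port, shared by server and client.
# Port values are constructed placeholders; pick your own unused ports.
$PortByDay = @{
    Sunday = 50101; Monday = 50217; Tuesday = 50333; Wednesday = 50449
    Thursday = 50565; Friday = 50681; Saturday = 50797
}
$RdpKey   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$RuleName = 'RDP scheduled port'   # hypothetical firewall rule name

function Get-RdpPortForDate {
    param([datetime]$Date = (Get-Date))
    # Use UTC so the server and roaming clients agree regardless of time zone.
    $PortByDay[$Date.ToUniversalTime().DayOfWeek.ToString()]
}

function Set-RdpListenerPort {
    # Server side: run elevated from a daily scheduled task.
    $port    = Get-RdpPortForDate
    $current = (Get-ItemProperty -Path $RdpKey -Name PortNumber).PortNumber
    if ($current -eq $port) { return $port }   # already on today's port

    Set-ItemProperty -Path $RdpKey -Name PortNumber -Value $port -Type DWord

    # Replace the Windows Firewall allow rule so only today's port is open.
    Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound `
        -Protocol TCP -LocalPort $port -Action Allow | Out-Null

    # The listener only picks up the new port after the service restarts;
    # this drops any active sessions.
    Restart-Service -Name TermService -Force
    $port
}

function Connect-Office {
    # Client side: same table, same date function, then launch mstsc.
    param([Parameter(Mandatory)][string]$Server)
    $port = Get-RdpPortForDate
    Start-Process -FilePath 'mstsc.exe' -ArgumentList "/v:${Server}:$port"
}
```

Moving the port only reduces noise from scanners that probe 3389; the listener is still reachable by anyone who finds the new port, so account lockout and strong passwords still matter.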

storme

Maybe you can activate logging in your router and block traffic from the specified IP in the firewall of the router.

It's a remote site from me so yes it's possible, but if it's a botnet (as suggested by the amount of hits we were getting) it isn't going to help. :(

Also I'd be playing catch-up as they could just change their IP and I'd have to start again.

Thanks for the suggestion.  I'm hoping I've missed something simple. :)

storme

I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array to date function, and automatically calls mstsc /v:<server>:<port> for them.

That was my original thought as well. 

I like the day of week<>port idea; it makes sense.

The only drawback is I'd also have to change the port mapping on the router so that it could find the server.

Which does complicate things a little....

Thanks

John

BigDod

Could you not set up your router to only allow certain IP addresses through?



Time you enjoyed wasting is not wasted time ......T.S. Elliot
Suspense is worse than disappointment................Robert Burns
God help the man who won't help himself, because no-one else will...........My Grandmother

Emiel Wieldraaijer

I haven't heard of a botnet attacking an RDP port.

Further, if someone is hammering your connection you should report it to the provider.

Resolve the IP and resolve an abuse email address through ripe.net

If you change the local RDP port you should also change the local Windows firewall

Best way would be a site to site VPN Solution

Allowing only certain IPs is also an option. Or maybe http://rdpguard.com/

Best regards, Emiel Wieldraaijer

JLogan3o13

If he is unable to get the customer to agree on an RDP alternative such as TeamViewer, not sure he is going to be able to sell a VPN solution.


√-1 2^3 ∑ π, and it was delicious!

storme

Could you not set up your router to only allow certain IP addresses through?

The IP address will be whatever they have their computers/laptops connected to.  So IP address filtering isn't really an option as I may have to filter a range that one of them uses.

storme

I haven't heard of a botnet attacking an RDP port.

You may be right there. I don't have any evidence either way.

Further, if someone is hammering your connection you should report it to the provider.

Resolve the IP and resolve an abuse email address through ripe.net

I'll try and get a logger onto the server. Any recommendations on a good one? I don't want to be mucking around with them.

If you change the local RDP port you should also change the local Windows firewall

That is why I would prefer to not change it. But I'm sure that could be overcome. :)

Best way would be a site to site VPN Solution

Allowing only certain IPs is also an option. Or maybe http://rdpguard.com/

Yeah but I don't think they will come at that.

It's a catch 22 for me.

They WANT the service but they don't want to PAY for it. :(

Thanks for the advice!!!
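
One way to see who is hammering the server without installing a separate logger, as an added example that is not part of the thread: summarise Windows failed-logon events (Security event ID 4625) by source address. It assumes logon-failure auditing is enabled and an elevated prompt; the function name is hypothetical.

```powershell
# Added example: summarise failed logons (Security event 4625) by source address.
# Requires an elevated prompt and logon-failure auditing to be enabled.
function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,   # look-back window
        [int]$Top   = 20    # number of source addresses to show
    )
    $filter = @{
        LogName   = 'Security'
        Id        = 4625
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # EventData fields are named <Data> elements in the event XML.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Time      = $_.TimeCreated
                # Some failed logons record no source address; show them as '-'.
                Source    = if ($data.IpAddress) { $data.IpAddress } else { '-' }
                User      = $data.TargetUserName
                LogonType = $data.LogonType   # 10 = RemoteInteractive, 3 = Network
            }
        } |
        Group-Object Source |
        Sort-Object Count -Descending |
        Select-Object -First $Top @{n='Source';e={$_.Name}}, Count,
            @{n='Users';e={($_.Group.User | Sort-Object -Unique) -join ','}},
            @{n='First';e={($_.Group.Time | Measure-Object -Minimum).Minimum}},
            @{n='Last'; e={($_.Group.Time | Measure-Object -Maximum).Maximum}}
}

Get-FailedLogonSummary -Hours 24 | Format-Table -AutoSize
```

Many sources each trying a handful of common account names points to distributed guessing; one or two sources with thousands of attempts is the case where a router block or an abuse report is practical.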

Emiel Wieldraaijer

They WANT the service but they don't want to PAY for it. :(

 

 

If they don't want to pay .. you cannot help them, if they want to work and earn some money they will have to pay to get the job done.. otherwise .. they are the ones having the problem


Best regards, Emiel Wieldraaijer

storme

If they don't want to pay .. you cannot help them, if they want to work and earn some money they will have to pay to get the job done.. otherwise .. they are the ones having the problem

That was paraphrasing...

I should have said "They want the service to work" and don't want to pay for any extra services to do that. :(

With small businesses that is basically the norm as they are running on tight budgets anyway...
