Remote Desktop : Moving Port : Suggestions please

[storme]

G'day All

I have a customer with a computer in their office running "remote desktop" they use it to access records in the office after hours.

Everything was fine until recently the remote desktop stopping working "after a while".  Long story short I eventually worked out that someone had discovered this computer and was hammering it to try and get in.

I turning it off for a week, that was as long as I was allowed as it was "needed".  A couple of days later it started crashing again. So they didn't give up on us.

So I'm stuck...changing from "remote desktop" is not an option I've been told so hiding is the only option.

So I was thinking of the following and wanted some feedback or other options.

1. Change the port that the remote desktop works on at the office.

As they aren't real computer literate I'll have to automate the process at the client and server ends.

So that means I'll have to change the port mapping on the router and design someway for the clients to know what port it's been changed to.

2. Disable Remote desktop at times when it's not required.

{I'm sure someone will complain that he wants to access it at some weird time that no one else wants it so it will have to be left on all the time }

OR

2.1 Only enable it when someone wants to access the server.

I'm thinking this would lend itself to a simple client/server system where the client runs a program that contacts the server which switches remote desktop on then off after connection is lost.

So I've got a few ideas on how to tackle the problem.  But was wondering before I get my head down and start coding if anyone else has a simpler or ready made solution I haven't thought of.

Thanks for any help!

John  Morrison

 

[Emiel Wieldraaijer]

Maybe you can active logging in your router and block traffic from the specified ip in the firewall of the router..

This question should be posted in the Chat section

Edited August 7, 2013 by Emiel Wieldraaijer

[JLogan3o13]

I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminalServerWinStationsRDP-TcpPortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array to date function, and automatically calls mstsc /v:<server>:<port> for them.

[storme]

Maybe you can active logging in your router and block traffic from the specified ip in the firewall of the router..

It's a remote site from me so yes it's possible but if it's a bot net (as suggested by the amount of hits we were getting) it isn't going to help.

Also I'd be playing catchup as they could just change their IP and I'd have to start again.

Thanks for the suggestion.  I'm hoping I've missed something simple.

[storme]

I would go with a change to the listening port, personally. All you have to change is HKEY_LOCAL_MACHINESystemCurrentControlSetControlTerminalServerWinStationsRDP-TcpPortNumber. Maybe create an array and change the port based on the day or date. Then give the customer a script that has the same array to date function, and automatically calls mstsc /v:<server>:<port> for them.

That was my original thought as well. 

I like the day of week<>port idea it makes sense.

The only drawback is I'd also have to change the port mapping on the router to that it could find the server.

Which does complicate things a little....

Thanks

John

[BigDod]

Could you not setup your router to only allow certain IP address's through

[Emiel Wieldraaijer]

i haven't heared of a botnet attacking a RDP port.

further if someone is hammering you connection you should report it to the provider..

resolve the ip and resolve an abuse emailaddress through ripe.net

If you change the local rdp port you should also change the local windows firewall  

Best way would be a site to site VPN Solution

Allowing only certain ip is also an option Or maybe  http://rdpguard.com/

Edited August 7, 2013 by Emiel Wieldraaijer

[JLogan3o13]

If he is unable to get the customer to agree on an RDP alternative such as TeamViewer, not sure he is going to be able to sell a VPN solution.

[storme]

Could you not setup your router to only allow certain IP address's through

The IP address will be whatever they have their computers/laptops connected to.  So IP address filtering isn't really an option as I may have to filter a range that one of them uses.

[storme]

i haven't heared of a botnet attacking a RDP port.

You maybe right there. I don't have any evidence either way.

further if someone is hammering you connection you should report it to the provider..

resolve the ip and resolve an abuse emailaddress through ripe.net

I'll try and get a logger onto the server. Any recommendations on a good one. I don't want to be muching around with them. :

If you change the local rdp port you should also change the local windows firewall

That is why I would prefer to not change it. But I'm sure that could be over come.

Best way would be a site to site VPN Solution

Allowing only certain ip is also an option Or maybe  http://rdpguard.com/

Yeah but I don't think they will come at that.

It's a catch 22 for me.

They WANT the service but they don't want to PAY for it.

Thanks for the advice!!!

[Emiel Wieldraaijer]

They WANT the service but they don't want to PAY for it.

 

 

If they don't want to pay .. you cannot help them, if they want to work an earn some money they will have to pay to get the job done.. otherwise .. they are the ones having the problem

[storme]

If they don't want to pay .. you cannot help them, if they want to work an earn some money they will have to pay to get the job done.. otherwise .. they are the ones having the problem

That was para-phrasing...

I should have said "They want the service to work" and don't want to pay for any extra services to do that.

With small businesses that is basically the norm as they are running on tight budgets anyway...