I tried to RDP in to my works computer from home the other night and had issues, yesterday whilst using the PC things seemed a little slow at times.
Today I looked in event viewer (Windows 10) and found someone has been trying to login via RDP, the records only go back to around 02:30am (I presume a maximum amount of events stored), but there is around 31,000 failed attempts. So for now I have closed the port in the router. This is clearly an automated Bot attack, every IP address seems to be different, and from all over the world going by the ones I've looked at.
I
found this which seems the perfect solution, but we use AVG and trying to configure the same rule in that doesn't work for whatever reason.
So I thought I'd do it from the router (Zyxel VMG8924-B10A), at first it looked like I could enter my home IP address directly into the port forward rule, but that seems not to be the case as it says " WAN IP is optional. If user wants to present Multi-to-Multi NAT, user can assign the desired device WAN IP." so it seems it isn't for what I thought it was.
So I think I need to set it up under Firewall\Access Control (as per attached blank picture - see post 3), presumably I just need to enter my home IP address, destination address as my internal IP here at work, fill in the source port and destination port etc. Also I'm not sure if this replace the port forwarding rule?
Any thoughts as I do need to be able to RDP in?