Over 31,000 access attempts via RDP - how to set up Zyxel to allow only my IP add

Ronski:
I tried to RDP in to my works computer from home the other night and had issues. Yesterday, whilst using the PC, things seemed a little slow at times.

Today I looked in Event Viewer (Windows 10) and found someone has been trying to log in via RDP. The records only go back to around 02:30am (I presume a maximum amount of events stored), but there are around 31,000 failed attempts. So for now I have closed the port in the router. This is clearly an automated bot attack; every IP address seems to be different, and from all over the world going by the ones I've looked at.

I found this which seems the perfect solution, but we use AVG and trying to configure the same rule in that doesn't work for whatever reason.

So I thought I'd do it from the router (Zyxel VMG8924-B10A). At first it looked like I could enter my home IP address directly into the port forward rule, but that seems not to be the case as it says "WAN IP is optional. If user wants to present Multi-to-Multi NAT, user can assign the desired device WAN IP." so it seems it isn't for what I thought it was.

So I think I need to set it up under Firewall\Access Control (as per attached blank picture - see post 3). Presumably I just need to enter my home IP address, destination address as my internal IP here at work, fill in the source port and destination port etc. Also I'm not sure if this replaces the port forwarding rule?

Any thoughts as I do need to be able to RDP in?

d2d4j:
Hi ronski

Sorry I cannot see a picture unless it’s connected to Tapatalk not showing sorry

I would imagine you're correct (says me blindly) but another thought

If router allows VPN user dial-in accounts, why not set up a VPN user and then RDP?

Many thanks

John

Ronski:
Sorry John, due to brain overload I forgot to attach the picture  :-[ I've attached it to this post.

I need to keep it simple as there is another user that uses RDP on a different port. Fortunately they hadn't been trying to gain access to that PC, probably because it's a higher port number and thus discovered mine first, fortunately.

g3uiss:
I’ve done this but with a DrayTek. I was restricting traffic on port 25 just from certain IPs. I went around in circles. I got an article sent and I suspect you can make the Zyxel do similar.

You still need the port forward; this is a block / allow rule. It all refers to Port 25 but just change the port number to 3389 and say call the rule RDP. As John mentions, VPN would be better as 3389 is an unencrypted port.

I hope you can adapt it for your router.

Alternate is to use an odd 3391 say, port number needs a registry change on the receiving server

Tony

d2d4j:
Hi

@g3uiss - we always use DrayTek, and VPN is the easiest method and more secure. You can keep RDP port fully closed and encrypted

@ronski - I normally create 2 rules, in and out, same rule but source/destination swapped

Also, if RDP is not shown as a service, I usually create the service port first. Some have bugs which, let’s say, get confused over custom port direct input, but I have never seen that on DrayTek

Many thanks

John
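
An added example, not posted by anyone in the thread: a PowerShell check to run on the RDP host that summarises the failed logons seen in Event Viewer (Security event ID 4625) by source address and, once the router allow rule is in place, lists any failures that still arrive from somewhere other than the permitted address. `$AllowedSource` is a placeholder documentation address and the 24-hour window is an assumption.

```powershell
# Added example. Run in an elevated PowerShell session on the RDP host.
# $AllowedSource is a placeholder (documentation range); substitute the real home IP.
$AllowedSource = '203.0.113.10'
$Since         = (Get-Date).AddHours(-24)   # assumed look-back window

# Security event 4625 = "An account failed to log on"
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $Since
} -ErrorAction SilentlyContinue

$failures = foreach ($e in $events) {
    # Event data fields are addressed by name through the XML view of the record.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        Time      = $e.TimeCreated
        SourceIp  = $data['IpAddress']
        User      = $data['TargetUserName']
        LogonType = $data['LogonType']
    }
}

if (-not $failures) {
    "No failed logons recorded since $Since"
}
else {
    $distinct = @($failures.SourceIp | Sort-Object -Unique).Count
    "{0} failed logons from {1} distinct addresses since {2}" -f @($failures).Count, $distinct, $Since

    # Busiest source addresses first
    $failures | Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object -First 20 Count, Name

    # User names being guessed most often
    $failures | Group-Object User | Sort-Object Count -Descending |
        Select-Object -First 10 Count, Name

    # With the allow rule active, anything listed here got past the router.
    $failures |
        Where-Object { $_.SourceIp -and $_.SourceIp -ne '-' -and $_.SourceIp -ne $AllowedSource } |
        Sort-Object Time -Descending | Select-Object -First 20
}
```

An empty final list after the port is reopened with the allow rule indicates the router is dropping everything except the permitted source.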
