Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 7 subscribers
  • Views 15230 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connections to 3389 port

DrMeskon

Hi,

I've configured destination NAT on Sophos UTM9 on public interface IP:3389->Local_ip:3389

In firewall live logging i see entries like this

Occasionally someone is sending SYN request and nothing more (this is what live log shows)

By the way netstat shows   TCP Local_ip:3389  xx-xxx-33-158:54592 ESTABLISHED

and after second this ESTABLISHED is gone.

I've tried telnet from outside with one PC and established is long enough, so is this a some kind of scan?


Is this harmfull?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to DrMeskon

    A Remote Desktop Gateway Server enables users to connect to remote computers on a corporate network from any external computer. The RD Gateway uses the Remote Desktop Protocol & the HTTPS Protocol to create a secure encrypted connection.

    It is not a UTM product, but a product available in Microsoft Server operating systems.

    If you cannot use that, than for security it's much better to configure VPN-connection from your clients and then make the RDP machine(s) available to the VPN users and not publicly to the internet.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

Unfiltered HTML