Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 7 subscribers
  • Views 15134 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connections to 3389 port

DrMeskon

Hi,

I've configured destination NAT on Sophos UTM9 on public interface IP:3389->Local_ip:3389

In firewall live logging i see entries like this

Occasionally someone is sending SYN request and nothing more (this is what live log shows)

By the way netstat shows   TCP Local_ip:3389  xx-xxx-33-158:54592 ESTABLISHED

and after second this ESTABLISHED is gone.

I've tried telnet from outside with one PC and established is long enough, so is this a some kind of scan?


Is this harmfull?



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to DrMeskon

    Unknown said:

    Why the connection is show ESTABLISHED then

     

    That has nothing to do with UTM or anything; it's just that anything (most likely someone or something on the internet) is trying to access open machines and since your local machine is actively accepting connections on 3389 anything that will try to make a connection will also establish a tcp connection.

    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • 0 in reply to apijnappels

    Ok, but why connections Established are 1 seconds long?

  • 0 in reply to DrMeskon

    Doug answered that, Almis.  This is someone scanning for IPs with open 3389 ports.  They are creating a database of such IPs and will likely sell that information to the Russian mafia or the Chinese military.  If you don't take one of the suggestions above, you can count on bad guys coming at you with automated password-guessing tools.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML