This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Connections to 3389 port

Hi,

I've configured destination NAT on Sophos UTM9 on public interface IP:3389->Local_ip:3389

In firewall live logging i see entries like this

Occasionally someone is sending SYN request and nothing more (this is what live log shows)

By the way netstat shows   TCP Local_ip:3389  xx-xxx-33-158:54592 ESTABLISHED

and after second this ESTABLISHED is gone.

I've tried telnet from outside with one PC and established is long enough, so is this a some kind of scan?


Is this harmfull?



This thread was automatically locked due to age.
Parents Reply Children
  • Doug answered that, Almis.  This is someone scanning for IPs with open 3389 ports.  They are creating a database of such IPs and will likely sell that information to the Russian mafia or the Chinese military.  If you don't take one of the suggestions above, you can count on bad guys coming at you with automated password-guessing tools.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA