
Remote Desktop using non-standard ports - issues

Good Day.

This problem just started (well, noticed it last week, but may have been going on longer).

With the Sophos VPN running from a remote PC, I could RDP to several internal servers and a workstation or two. On most, using a non-standard protocol port # (say 41265 vice 3389). Have all the protocols defined, rules, etc. all done. And it had been working fine for quite a while. The servers and PCs are configured to use the nonstandard port (not doing a port translation to 3389).

Now, when I try through the VPN, it will try and connect - after putting in the logon account and password info, then gives an error message that "an internal error has occurred". As a test, I put in an incorrect password and it immediately tells me "the logon attempt has failed" - just what I would expect. So, it is getting through the authentication stage.

If I am physically on-site, and try RDP from a workstation on the same network, using the same non-standard RDP protocol, it works. So looks like the issue is not with the RDP on the boxes.

There is one PC and one server that are set to use the standard 3389, and through the VPN, they work.

I've gone back over all the rules, and found nothing amiss. Hadn't changed anything.

Any ideas? PCs are Win 10. Mix of server versions.

John S.



  • Same here. Possible:

    - false positive caused by actual snort patterns (I assume this after reading your issue)

    - Hacker attack wave that raised some days ago searching for a vulnerability in RDP servers

  • I monitored my logs for a while now.

    Seems many people run public RDP servers on tcp/443 (to avoid restrictions in hotel and guest networks).

    This is noticed by attackers in China and Russia, and the well-known attack sources try to find RDP servers like this.
