Home > OS >  Windows server being brute force RDP, every day
Windows server being brute force RDP, every day

Time:10-12

2 server

One is ali cloud WINDOWS SERVER 2012, opened the rdp3389, but ali cloud do port forwarding, 3389 forwarded to the network is another port, such as 3333, but there are innumerable brute force RDP audit every day,,,, 3333 how to change, is still being targeted in 1 days, so it is a group of brute force,

Another 1 SERVER WINDOWS SERVER 2019, is a virtual machine, behind the hardware firewall, by the same token, the open RDP 3389, 3389 hardware firewall network mapping into 12345, but there are innumerable brute force RDP audit every day,,,,,,,,,,,,,, in the same situation as ali cloud,


How to solve, this group of people know, I'm a port number, they have set is actually a RDP port, and,,,, what method can let the other side is not targeted?

CodePudding user response:

Is there any way not being targeted? No, no matter what you change port, can be through the port scan sweep out,
Is there any way to prevent? You have, you can refer to my blog: reading system "security" log failed login attempts + attackers IP is added to the firewall policy
https://blog.csdn.net/runnerchin/article/details/29862833

CodePudding user response:

Sent you a wrong, should be the https://blog.csdn.net/runnerchin/article/details/29971915