Products > Security
RDP Brute Force Attacks on my PC - caused monitors to flash black
legacy:
--- Quote from: Bicurico on September 16, 2019, 08:47:14 am ---use CAD/CAM software in real-time or even watch a movie being run on my remote PC
--- End quote ---
dunno... for CAD/CAM you also might need a graphics tablet or a 3D mouse as input devices, and this sucks due to the big lag introduced by both the network and the RDP protocol.
Anyway, things usually go even worse when you to apply VPN because it decreases the throughput and increments the lag.
The miniPCI cryptoprocessor does a great job at accelerating ssh-tunnels' and VPNs' stuff and it actually helps the little Atheros9 CPU used in my router, but it adds a lot of lag to each packet it processes. I feel the lag when I use the mouse on a remote RDP machine. It's tolerable but ... only for simple operations and only for a short while.
Bicurico:
TightVNC is not an option.
There is a reason why RDP is so complex: it acts as virtual graphics card in the sense that it does not grab the screen, compresses it and send its like VNC does (which takes ages). It actually sends the instructions to draw the screen, which is much faster. Think of it as comparing having a X11 server locally or filming your screen and sending it through the internet.
The same with sound, which can be reproduced on the host or the client. These are just examples of the range of functionality of RDP. TightVNC (just noticed they made a new version after THREE years) might have its reasons to exist, but for sure it is not a replacement of RDP.
Again, and sorry to repeat myself: with RDP I can use a small, light and cheap 250 Euro laptop and remote connect to my computer (more like a workstation, actually) and use high-end CAD/CAM software without noticeable lag. It does have some minor graphical glitches, but these are acceptable. This is something you simply cannot do over VNC and you do need a good bandwidth, which I have (upload-wise).
I use the cheap TP-Link WR841n routers with DD-WRT. Why? Because I have three of them, on different floors, acting as access points for my WLAN. DD-WRT is easy to configure and offers extra services (not present in the original FW), including VPN server.
But I agree, these are a bit outdated CPU, flash and memory wise.
My ISP Router does not offer VPN functionality, btw.
So perhaps I need to get a more recent router, but I definitely want to run DD-WRT on it. I like it for the clear interface, the functionality offered and the fact that so far they have been immune to hacks, as opposed to default FW of major brands.
The problem is that there currently are no cheap options for DD-WRT compatible routers!
And yes, I know there is OpenWrt. I just never used it, as it requires more flash to have webserver for the GUI and overall I found it less user-friendly.
So the current question is: what router is recommended to act as a VPN server? With what FW? Such router would be behind my provider router, of course. It needs to be able to provide VPN at speeds of around 200MBPS - that is the main issue.
Regards,
Vitor
legacy:
--- Quote from: MrMobodies on September 16, 2019, 12:13:39 am ---I don't think it is safe to even have RDP on a different port now unrestricted to any IP other than VPN as it is a matter time when they find it and do a campaign over some vulnerability.
--- End quote ---
A dude in my team had (note the past verb) a windows XP machine with an RDP port open to the internet, and an asshole did exploit the weakness of the protocol to take the remote control of the computer so he was able to impersonate us on Discord with our IP just to make fun of us.
- making fun of fools is a lot of fun - he said in a comment, well, not something you can sue someone for, but for sure it was not funny.
edy:
Thanks to this thread I just re-assigned the outward-facing ports of my internet modem to a different port for VNC. Not that I had any issues... but just to be sure. Default for VNC is 5900 and it is just way too easy to try and brute-force an attack. At least some random high port will take longer to find. Not that it is a perfectly secure patch, but a bit less likely to be picked up. You need multiple layers of security, this being just one of many.
Here is a list of the top scanned ports:
https://securitytrails.com/blog/top-scanned-ports
legacy:
--- Quote from: edy on September 16, 2019, 01:44:10 pm ---Here is a list of the top scanned ports
--- End quote ---
port scanning is not so bad. I mean, we have a project where a router continuously port-scans a restricted subnet in order to monitor the running services.
--- Code: ---# ls-host 192.168.1.24
192.168.1.4____ 00.0c.42.0e.8f.01 uc-rb532............. (+) 22/ssh 25/HoNad 80/httpd 5201/iperf3
192.168.1.11___ 00.60.78.05.8d.d8 akita................ (+) 22/ssh 25/HoNad 80/httpd 443/https
192.168.1.12___ ....................................... (+) 6000/X11
192.168.1.24___ 00.16.e6.37.b0.fa OrangeCube........... (+) 22/ssh 25/HoNad
192.168.1.36___ 00.30.6e.1e.2c.17 c3600................ (+) 22/ssh 25/HoNad
192.168.1.50___ ....................................... (+) 80/httpd
192.168.1.81___ 00.11.24.e4.d7.f0 lelly................ (+) 22/ssh 25/HoNad 80/httpd 111/rpcbind 443/https 2049/nfs
192.168.1.84___ 00.30.65.6a.ab.a6 minerva.............. (+) 22/ssh 23/telnet 25/HoNad
--- End code ---
We have recently created a protocol named "HoNad", defining a server which does some things including port-scanning and responds to queries on port 25. A remote client can run "ls-host" to issue a query requiring the list of all the machines found in the restricted LAN.
mac-addresses are also monitored, so if a machine changes its mac-address this triggeres the attention of the monitor which logs the event, and there is a specific "ls-intruders" tool that can issue the query to the server, which will respond with its metric.
Since the server runs in a router which is able to work as firewall, it can also automaticaly take the - fail-2-ban- decision to ban an IP from the restricted LAN that it serves.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version