Computing > Security

RDP Brute Force Attacks on my PC - caused monitors to flash black

(1/9) > >>

Bicurico:
Hi,

I am describing this, just in case someone is suffering from the same.

It started some weeks (months) ago with my monitors to flash briefly occasionally. It is as if the screen went black for a fraction of a second. Otherwise all was working. Just this annoying flash.

It got worse with time and tonight I decided to tackle the problem.

My PC has 3 monitors attached (via HDMI, DVI and VGA), using a Asus GeForce GTX660 graphics card).

I tried this:

1) Update the driver. No effect.
2) Turned on each monitor, then using only one monitor a tine. No effect.
3) Rebooted. No effect.
4) Unplugged the PC (a lot of work, as it crammed with cards and has a ton of cables attached - under the table). Plugged it into a totally different monitor with a different cable. No effect.
5) Replaced the graphics card with a Nvidia Quadro. No effect. STRANGE!!! At this point I thought that the GTX660 was broken.
6) Thought it might be due to hot weather and PC getting too hot. Rearraged the cards so that the GPU would have better airflow. No effect.
7) Put back PC in its place under the table, connected all cables, while wife was complaining about the noise... Still no effect.
8 ) Considered reinstalling the whole Windows HDD, but was not into that. So I did a reboot into Safe Mode with Network. Strange: apparently the problem was fixed here. Must be a software issue?
9) Spent ages killing processes and stopping services. No effect.
10) Had finally a good idea: looked at the Event Log of Windows. There was a strange entry (cnvwmi service_control_sessionchange). Looked it up and got some hints it might have to do with RDP? WHAT??? That cannot be. Can it? Could this be someone trying to RDP to my computer and doing a brute force password attack? Disabled the network and guess what: the flashing was gone!
11) Activated network and flashing was back. Every 1-5 seconds the monitors would flash briefly (black). So I went to my router settings and disabled the RDP forwarding to my computer. Problem solved.

So: there are ASSHOLES trying to do brute force attacks on all IP's that offer RDP and this causes the screen to flicker/flash due to the way Microsoft implemented the login routine.

The debate is not how secure my password is - apparently it is good enough to not have been hacked.

The thing is: how do you guys get into your computers remotely over the internet? I use that A LOT.

Kind of sucks having to turn off RDP. Can I change the port number to something exotic? If so, how? --> https://tunecomp.net/change-remote-desktop-port-windows-10/

Just found this: https://www.zdnet.com/article/a-botnet-is-brute-forcing-over-1-5-million-rdp-servers-all-over-the-world/

Regards,
Vitor

Monkeh:
Don't expose RDP...

Just use a VPN.

Bicurico:
Considering the same level of password strength, what is the difference of using VPN over RDP, when we are talking about automated brute force attacks against IP's which offer these services?

Thanks,
Vitor

Dundarave:
Changing the RDP port number is a trivial but effective way of minimizing RDP attacks:  there are like ~63k port number choices (staying out of the under-1k range), so choosing one of them makes it more likely that an RDP brute force bot will just move on to the next IP address. 

Monkeh:

--- Quote from: Bicurico on September 15, 2019, 12:26:11 am ---Considering the same level of password strength, what is the difference of using VPN over RDP, when we are talking about automated brute force attacks against IP's which offer these services?

Thanks,
Vitor

--- End quote ---

Your password does not measure up to a proper key exchange, so don't use passwords. And, well, you'll no longer have an RDP service exposed which can cause you problems when people attempt, successfully or otherwise, to attack it..

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version