DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
RDP Brute force defences. Help please.
12 Jan 2018 12:05 #90403
by cornz
RDP Brute force defences. Help please. was created by cornz
Last week I awoke to find several unauthorised transactions on my PayPal account. PayPal confirmed that the IP address used to order the items was indeed my IP, but as I live alone, it was pretty obvious it wasn't me. I freshly installed Windows and my AV came up clean.
After a week, I watched as my laptop suddenly logged me off and a new user "putin1" appeared. Further investigation revealed I have been subjected to a sustained brute force attempt to log in to my PC via RDP. I use RDP a lot so leave my laptop on so I can connect and do tasks from work, when out etc.
I have a Vigor 2820 and use a free dynamic name host.
Can someone please advise on how to harden my router against these attacks? I understand that changing the port from 3389 is one technique but numerous attempts have failed, therefore it's highly likely that I am configuring it wrong. Is there a guide or tutorial on this procedure?
Finances don't allow for a VPN so have to do this as cheaply as is possible.
Is it possible to lock out an IP address after a number of failed login attempts? My password was quite strong but is now very strong so I suspect use of a rainbow table.
Thank you for any input.
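The per-IP lockout asked about in the post above, sketched as an added example (not part of the original thread, and not a Vigor 2820 feature): it counts failed logons (Windows Security event 4625) per source address in a sliding window, then lists logons and account creations that followed. The records, threshold and window are constructed values for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON, LOGON_OK, USER_CREATED = 4625, 4624, 4720  # Windows Security event IDs

# Constructed sample records: (time, event ID, source IP, account name).
SAMPLE = [("2018-01-12T03:00:0%d" % s, FAILED_LOGON, "203.0.113.7", "Administrator")
          for s in range(6)] + [
    ("2018-01-12T03:00:09", LOGON_OK, "203.0.113.7", "Administrator"),
    ("2018-01-12T03:01:30", USER_CREATED, "-", "putin1"),
    ("2018-01-12T08:15:00", FAILED_LOGON, "198.51.100.20", "owner"),
    ("2018-01-12T08:15:20", LOGON_OK, "198.51.100.20", "owner"),
]

def parse(events):
    """Convert timestamps and put the records in time order."""
    return sorted((datetime.fromisoformat(t), eid, ip, acct)
                  for t, eid, ip, acct in events)

def ips_to_block(events, threshold=5, window=timedelta(minutes=10)):
    """Map each source IP to the time it reached `threshold` failed logons
    inside one sliding `window`; slower sources never appear."""
    recent, blocked = defaultdict(deque), {}
    for when, eid, ip, _ in parse(events):
        if eid != FAILED_LOGON or ip in blocked:
            continue
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:   # drop failures older than the window
            attempts.popleft()
        if len(attempts) >= threshold:
            blocked[ip] = when
    return blocked

def after_threshold(events, blocked):
    """Logons from a flagged IP after it was flagged, plus accounts created
    after the first flag: activity to review as a possible compromise."""
    first = min(blocked.values(), default=None)
    found = []
    for when, eid, ip, acct in parse(events):
        if eid == LOGON_OK and ip in blocked and when >= blocked[ip]:
            found.append(("logon", ip, acct))
        elif eid == USER_CREATED and first is not None and when >= first:
            found.append(("account-created", ip, acct))
    return found

if __name__ == "__main__":
    flagged = ips_to_block(SAMPLE)
    print(flagged, after_threshold(SAMPLE, flagged))
```

A threshold like this only catches bursts: a source that spaces its attempts wider than the window is never flagged, which is one reason the replies in this thread point to the router's VPN instead.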
12 Jan 2018 12:38 #90404
by hornbyp
Replied by hornbyp on topic Re: RDP Brute force defences. Help please.
12 Jan 2018 18:39 #90408
by cornz
Replied by cornz on topic Re: RDP Brute force defences. Help please.
hornbyp wrote:
> You have my sympathies.
>
> cornz wrote:
> > Finances don't allow for a vpn so have to do this as cheaply as is possible.
>
> You already have a VPN! See https://www.draytek.co.uk/archive/vpn_setup2.html or HERE
> Just don't use PPTP, except maybe as a test, to get it all going.

Thank you. That gives me something to go at.
I didn't believe PayPal at first when they said the originating IP was "mine". I had noticed odd instances where I was apparently logged in from elsewhere. As I said, all AV came up clean before and after a restore image made approx. a year ago.
12 Jan 2018 21:03 #90409
by admin
Forum Administrator
Replied by admin on topic Re: RDP Brute force defences. Help please.
Brute force is harder with a strong password (presumably that was the first thing you changed, as well as your PayPal password and any other service accounts and the router login password). As others have said, your Vigor 2820 can do better than PPTP though, as it's old, not the very latest protocols (but it will still do IPSec/AES).
13 Jan 2018 15:10 #90417
by cornz
Replied by cornz on topic Re: RDP Brute force defences. Help please.
admin wrote:
> Brute force is harder with a strong password (presumably that was the first thing you changed, as well as your PayPal password and any other service accounts and the router login password). As others have said, your Vigor 2820 can do better than PPTP though, as it's old, not the very latest protocols (but it will still do IPSec/AES).

The real beauty is that my PayPal acct had been closed for 3 months!! The bank refunded me the £176 worth of fraudulent charges.
Yes, passwords changed, I had a different password for my user and admin accounts. Router password is also different.
Well, I think that the VPN guide is the one I'll try first.