Status: Solved

Brute Force or Virus ?

Hello,
By the end of last year one of my servers was hacked; I really don't know exactly how the person managed to get my RDP password.
I had RDP open on 3389 to all IPs, and I had a lowercase password like "u00xyt".
Do you think they could have broken in through brute force?
Or did they manage to get that password some other way?

Thanks !

Asked by: netwhw

PowerIT commented:
Hi,

my ranking:

on 1: Terminal Server can be brute forced,
using e.g. TSGrinder http://www.msterminalservices.org/articles/Brute-Force-Hacking-Terminal-Server-Environments.html,
without triggering account lockouts. This is even if you defined account lockouts in your password policy. Using such a short and weak password, this is trivial. If you give direct RDP access (without VPN) then you MUST enforce very strong passwords = complexity requirements + min 9 characters (I would even say 10, but hey, I'm a security pro).

on 2: Your password was grabbed using a keylogger (deliberately installed) or similar malware. You can determine the likelihood of this by thinking about how much you log on using untrusted PCs (kiosk, 'friend', internet café, ...).

on 3: There is a very hard to pull off man-in-the-middle attack against RDP (up till v5). Very unlikely, unless you are in an environment with very interesting information which is worth a lot of effort.

kr, J.
netwhw (Author) commented:
So the most probable was the brute force...
What do you recommend doing beyond long and complex passwords?
What is that you mention, account lockout?
PowerIT commented:
Yep, the most probable is brute force.
Recommendation next to strong passwords: access your terminal server through a plain VPN or an SSL VPN. This depends on how valuable your data and infrastructure is. A good password may be enough.
Account lockout: the automatic locking of an account when a wrong password has been tried x times. You can set this in the local security policy or push it through group policies.
If you need more information on password policies, please create a new question, as this one is closed.

kr, J.
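The two defensive points raised in this thread (an account lockout threshold plus a longer password, and noticing a password-guessing run against RDP) can both be checked from an elevated PowerShell prompt on the server. The following is an added example written for this page, not code posted by either participant. It assumes Windows Server 2008 or later (Event ID 4625 with logon type 10 for failed RDP logons), that the policy is set locally (on a domain member the domain password policy takes precedence), and that the lockout and length values shown are placeholders to be replaced with your own choices.

```powershell
# Added example, not from the original thread. Run as Administrator on the RDP host.

# --- 1. Inspect the current password and lockout policy ---
net accounts

# --- 2. Enforce a lockout threshold and a minimum password length ---
# Values below are assumptions for illustration: lock after 5 bad attempts,
# keep the account locked for 30 minutes, reset the bad-attempt counter after 30 minutes,
# and require at least 10 characters (the thread's "min 9, preferably 10").
net accounts /lockoutthreshold:5 /lockoutduration:30 /lockoutwindow:30 /minpwlen:10

# Confirm that failed logons are actually being audited; without this, step 3 shows nothing.
auditpol /get /category:"Logon/Logoff"

# --- 3. Look for password guessing against RDP in the last 24 hours ---
# 4625 = "An account failed to log on"; LogonType 10 = RemoteInteractive (RDP).
$since = (Get-Date).AddHours(-24)

$failedRdp = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Pull the named fields out of the event's XML payload.
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
        [pscustomobject]@{
            Time      = $_.TimeCreated
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']
            IpAddress = $data['IpAddress']
        }
    } |
    Where-Object { $_.LogonType -eq '10' }

# Many failures from one source address against one or more accounts is the
# pattern a brute-force tool leaves behind, whether or not lockout ever fired.
"Failed RDP logons since $since, grouped by source address:"
$failedRdp |
    Group-Object IpAddress |
    Sort-Object Count -Descending |
    Select-Object Count, @{ Name = 'SourceIp'; Expression = { $_.Name } },
                  @{ Name = 'Accounts'; Expression = { ($_.Group.User | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

`net accounts` only changes the local policy; on a domain-joined server the equivalent settings live in the Default Domain Policy GPO, which is what the thread means by "push through group policies". The event query is read-only and can be scheduled to run periodically so that a sudden spike of 4625 / logon type 10 events from one address is noticed even when, as the first answer points out, the lockout threshold itself is never reached.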