syntec

asked on

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

I am a technician for an IT support company. Most of my clients have one server that is a DC and up to 30 workstations.

Recently all the servers have had the following event:

Remote session from client name a exceeded the maximum allowed failed logon attempts. The session was forcibly terminated.

The problem with this event is that no one connects using terminal services or RDP within the site or from off site.  

I am not sure if someone is trying to hack in or not. We as a company do have RDP capabilities to our clients' sites, but no one from our company was trying to remote in at the times the events take place.

The event happens every six seconds for about an hour, several times throughout the day and night.
setasoujiro

You say you have RDP to the client. Does that mean that the server is just floating around with RDP open on the internet?
syntec

ASKER

It depends on what you mean by floating around?  I wouldn't say it is open.
syntec

ASKER

We use a DNS name to access the IP address and have RDP forwarded to the server.
syntec

ASKER

Hack attempts are being made. What is a better way to set up remote access?
ASKER CERTIFIED SOLUTION
makyj

This solution is only available to members.
You should NEVER leave RDP open to the internet, not on another port or anything.

makyj is right about the RDG.
But I would advise buying a small hardware firewall, which can do VPN as well,
for example the WatchGuard XTM22 (costs around 600$).

And if that really isn't an option, then you'd better use something like LogMeIn; this way you're "secured".
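
Added example, not part of the original thread or any poster's code: a short Python script that groups the event quoted in the question into bursts and checks for the steady, machine-paced interval described there (every six seconds for about an hour). The `timestamp,message` export format, the function names, the thresholds and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Message text as quoted in the question; matching on it avoids assuming an event ID.
MARKER = "exceeded the maximum allowed failed logon attempts"

def parse(lines):
    """Parse 'YYYY-MM-DD HH:MM:SS,message' lines (assumed export format)."""
    out = []
    for line in lines:
        stamp, _, msg = line.partition(",")
        if MARKER in msg:
            out.append(datetime.strptime(stamp.strip(), "%Y-%m-%d %H:%M:%S"))
    return sorted(out)

def find_bursts(times, max_gap=timedelta(seconds=60), min_events=10):
    """Group events separated by <= max_gap; report bursts and their cadence."""
    bursts, current = [], []
    for t in times:
        if current and t - current[-1] > max_gap:
            bursts.append(current)
            current = []
        current.append(t)
    if current:
        bursts.append(current)
    report = []
    for b in bursts:
        if len(b) < min_events:
            continue  # isolated failures, e.g. a mistyped password
        gaps = [(y - x).total_seconds() for x, y in zip(b, b[1:])]
        mid = median(gaps)
        # Share of gaps within one second of the median: high means machine-paced.
        steady = sum(abs(g - mid) <= 1 for g in gaps) / len(gaps)
        report.append({"start": b[0], "end": b[-1], "events": len(b),
                       "median_gap_s": mid, "automated": steady >= 0.9})
    return report

def sample_log():
    """Constructed data: two one-hour six-second bursts, one stray failure, one unrelated line."""
    msg = "Remote session from client name a " + MARKER + ". The session was forcibly terminated."
    lines = []
    for start in (datetime(2024, 1, 10, 2, 0, 0), datetime(2024, 1, 10, 14, 30, 0)):
        lines += [f"{start + timedelta(seconds=6 * i):%Y-%m-%d %H:%M:%S},{msg}" for i in range(600)]
    lines += [f"2024-01-10 09:15:00,{msg}", "2024-01-10 09:20:00,Some unrelated event"]
    return lines

if __name__ == "__main__":
    for burst in find_bursts(parse(sample_log())):
        print(burst)
```

A burst flagged `automated` with hundreds of events at a fixed interval, at hours when no technician was connecting, is consistent with scripted password guessing against the forwarded RDP port rather than a user mistyping a password.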