terminal server security - looks like hackers
Posted on 2011-09-26
Looking at my router/firewall I can see a couple of different IPs trying the RDP port 3389. I have this port open to allow project managers to work. They do not use a VPN but have the RDP user/password login.
As an example, I have this IP trying to look into port 3389 about 100 times every 3 minutes: 18.104.22.168. When I look at the TS event viewer I cannot see anyone trying to log in.
I suppose this is a two-part question.
a) What do you think this IP is trying to do, if I can't even see it trying to log in?
b) Is there any threat here, and should I be doing something else?
Any advice would be helpful.