Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

TCP Dup ACK on port 3389

Posted on 2014-03-05
2
Medium Priority
?
853 Views
Last Modified: 2014-03-05
Hi

On a Windows SBS 2008 R2 I am running Wireshark to understand what might be causing slow network file transfers with the server.

I have consequently noticed numerous TCP Dup ACK lines and some coming from outside the network e.g. Kuwait, Gabon, Deutschland, ...

What is curious is that these TCP Dup ACK packets are all aimed at port 3389 (Terminal Server). Therefore I can assume that someone(s) is trying to get 'in'.

Is there such a thing as a Dup ACK ddos attack?

Not sure what to do to discourage these attempts

If I had a Mikrotik router at this client's site I could add these entries into an Address list, drop further attempts, and forget about them.

Can I do anything similar under W2K8 SBS R2 ?

thanks
yann
0
Comment
Question by:Yann Shukor
2 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 1000 total points
ID: 39907125
Had similar problem - your RDP  is being brute forced:)

several options here

1 disable 3389
2 use rdp though https gateway (rdweb)
3 Or like me get yourself that http://rdpguard.com/  (use ip block - it will block access after set amount of wrong password)
( just to clarify - i am not employee of this company :-))
0
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 1000 total points
ID: 39907133
Or, if you only RDP from a known list of IPs, add those as a rule in Windows Firewall.

I always considered whitelisting safer than blacklisting...

HTH,
Dan
0

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Spectre and Meltdown, how it affects me and my clients?
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

575 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question