Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TCP Dup ACK on port 3389

Posted on 2014-03-05
2
Medium Priority
?
841 Views
Last Modified: 2014-03-05
Hi

On a Windows SBS 2008 R2 I am running Wireshark to understand what might be causing slow network file transfers with the server.

I have consequently noticed numerous TCP Dup ACK lines and some coming from outside the network e.g. Kuwait, Gabon, Deutschland, ...

What is curious is that these TCP Dup ACK packets are all aimed at port 3389 (Terminal Server). Therefore I can assume that someone(s) is trying to get 'in'.

Is there such a thing as a Dup ACK ddos attack?

Not sure what to do to discourage these attempts

If I had a Mikrotik router at this client's site I could add these entries into an Address list, drop further attempts, and forget about them.

Can I do anything similar under W2K8 SBS R2 ?

thanks
yann
0
Comment
Question by:Yann Shukor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 1000 total points
ID: 39907125
Had similar problem - your RDP  is being brute forced:)

several options here

1 disable 3389
2 use rdp though https gateway (rdweb)
3 Or like me get yourself that http://rdpguard.com/  (use ip block - it will block access after set amount of wrong password)
( just to clarify - i am not employee of this company :-))
0
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 1000 total points
ID: 39907133
Or, if you only RDP from a known list of IPs, add those as a rule in Windows Firewall.

I always considered whitelisting safer than blacklisting...

HTH,
Dan
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
This article covers the basics of data encryption, what it is, how it works, and why it's important. If you've ever wondered what goes on when you "encrypt" data, you can look here to build a good foundation for your personal learning.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question