Solved

TCP Dup ACK on port 3389

Posted on 2014-03-05
2
801 Views
Last Modified: 2014-03-05
Hi

On a Windows SBS 2008 R2 I am running Wireshark to understand what might be causing slow network file transfers with the server.

I have consequently noticed numerous TCP Dup ACK lines and some coming from outside the network e.g. Kuwait, Gabon, Deutschland, ...

What is curious is that these TCP Dup ACK packets are all aimed at port 3389 (Terminal Server). Therefore I can assume that someone(s) is trying to get 'in'.

Is there such a thing as a Dup ACK ddos attack?

Not sure what to do to discourage these attempts

If I had a Mikrotik router at this client's site I could add these entries into an Address list, drop further attempts, and forget about them.

Can I do anything similar under W2K8 SBS R2 ?

thanks
yann
0
Comment
Question by:Yann Shukor
2 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 250 total points
ID: 39907125
Had similar problem - your RDP  is being brute forced:)

several options here

1 disable 3389
2 use rdp though https gateway (rdweb)
3 Or like me get yourself that http://rdpguard.com/  (use ip block - it will block access after set amount of wrong password)
( just to clarify - i am not employee of this company :-))
0
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 250 total points
ID: 39907133
Or, if you only RDP from a known list of IPs, add those as a rule in Windows Firewall.

I always considered whitelisting safer than blacklisting...

HTH,
Dan
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question