TCP Dup ACK on port 3389
Posted on 2014-03-05
On a Windows SBS 2008 R2 I am running Wireshark to understand what might be causing slow network file transfers with the server.
I have consequently noticed numerous TCP Dup ACK lines, some of them coming from outside the network, e.g. Kuwait, Gabon, Deutschland, ...
What is curious is that these TCP Dup ACK packets are all aimed at port 3389 (Terminal Server). Therefore I can assume that someone(s) is trying to get 'in'.
Is there such a thing as a Dup ACK DDoS attack?
I am not sure what to do to discourage these attempts.
If I had a Mikrotik router at this client's site I could add these entries into an Address list, drop further attempts, and forget about them.
Can I do anything similar under W2K8 SBS R2?