?
Solved

TCP Dup ACK on port 3389

Posted on 2014-03-05
2
Medium Priority
?
824 Views
Last Modified: 2014-03-05
Hi

On a Windows SBS 2008 R2 I am running Wireshark to understand what might be causing slow network file transfers with the server.

I have consequently noticed numerous TCP Dup ACK lines and some coming from outside the network e.g. Kuwait, Gabon, Deutschland, ...

What is curious is that these TCP Dup ACK packets are all aimed at port 3389 (Terminal Server). Therefore I can assume that someone(s) is trying to get 'in'.

Is there such a thing as a Dup ACK ddos attack?

Not sure what to do to discourage these attempts

If I had a Mikrotik router at this client's site I could add these entries into an Address list, drop further attempts, and forget about them.

Can I do anything similar under W2K8 SBS R2 ?

thanks
yann
0
Comment
Question by:Yann Shukor
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 1000 total points
ID: 39907125
Had similar problem - your RDP  is being brute forced:)

several options here

1 disable 3389
2 use rdp though https gateway (rdweb)
3 Or like me get yourself that http://rdpguard.com/  (use ip block - it will block access after set amount of wrong password)
( just to clarify - i am not employee of this company :-))
0
 
LVL 35

Assisted Solution

by:Dan Craciun
Dan Craciun earned 1000 total points
ID: 39907133
Or, if you only RDP from a known list of IPs, add those as a rule in Windows Firewall.

I always considered whitelisting safer than blacklisting...

HTH,
Dan
0

Featured Post

Learn how to optimize MySQL for your business need

With the increasing importance of apps & networks in both business & personal interconnections, perfor. has become one of the key metrics of successful communication. This ebook is a hands-on business-case-driven guide to understanding MySQL query parameter tuning & database perf

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question