Hi Experts, I see the occasional event being logged: Event 56, TermDD.
"The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 184.108.40.206."
A few things: this is one IP address; there are 9 of these since the beginning of July, all different, but all IP addresses that are not part of our network.
Here is another example: 220.127.116.11
This is an SBS2011 server. Terminal Server is not loaded as a feature (or role, I can't remember which, but it's not loaded).
I can block these on my firewall, but it's somewhat like playing whack-a-mole since the IPs are all different.
Does anyone have any suggestions on tracking down what this is and recommendations on how to block it? Is there a service that can be turned off on the server for example to block this, or a firewall rule?