So, just for giggles, I re-opened RDP to the Internet for 15 minutes. So unscrupulous attackers will simply blast known username/password combos at RDP until something sticks and once they are in, it’s game over. See the issue with RDP based access, especially if you leave the default port of 3389 open is that every mother and his dog will just start password spamming your Windows box, and by default, it will do nothing about these attempts. I just figured I’d leave RDP open for a little while longer. The stupid thing was, I was actually in the process of moving from RDP and mRemoteNG over to Royal TS and along with it Royal Server thanks to a free license as part of the MVP program. It turns out I had used an old password when building the server years ago and had forgotten about the local admin password when updating account passwords (GirlGems would kill me) and my automatic blocking script on my Mikrotik did nothing about it as it only detects port scans, not bad logins The long story short is I had RDP open to the Internet and despite having a domain controller and updating most of my passwords when they appeared on whoever found an account and dropped malware encrypting my lab and demanding a $6000 ransom. Okay, so as some of you might know, my home lab recently got hacked. This is my experience after a real incident that I should have done something about sooner. Full disclosure: Whilst I obtained a copy of RoyalTS/Server via the MVP program, I was in no way obligated to write this article.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |