RDP on Vista Ultimate x64

Discussion in 'Networks' started by Node, Nov 28, 2007.

  1. Node

    Node Byte Poster

    122
    2
    17
    Hi, i have enabled RDP on my Vista Ultimate x64 and i have the port opened, i have static IP. I can RDP to my machine from another machine on my network, but for some reason i cannot seem to RDP to it from machines which are external to the network, have i missed something here? It USED to work perfectly on server 2003.
     
    Certifications: MCSA, MCSE,
  2. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Windows firewall? Or a 'real' firewall not forwarding 3389 to the correct internal IP? (presuming you have changed IP addresses along with the new machine)
     
    Certifications: A few
    WIP: None - f*** 'em
  3. Node

    Node Byte Poster

    122
    2
    17
    hahahahah oooopps forgot about forwarding the port to the new IP!!! THANK YOU, ill try that and get back to you :):biggrin:biggrin
     
    Certifications: MCSA, MCSE,
  4. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    LOL - easily done. Sometimes its hard to see the wood for the trees - today, for instance, i spent 45 minutes looking at a problem with a firewall rule - trying to NAT traffic, PAT it, NAPT it and God knows what else - only to realise that i hadn't changed the sodding service that the policy was using from a cloned one I made earlier.

    Doh!

    PS: Please tell me you're not just opening up 3389 on the external side of your router and forwarding it directly to the internal IP address...
     
    Certifications: A few
    WIP: None - f*** 'em
  5. Node

    Node Byte Poster

    122
    2
    17
    hehehe yeh happens to me alot, and no :P not just opening up 3389!
     
    Certifications: MCSA, MCSE,
  6. Sparky
    Highly Decorated Member Award 500 Likes Award

    Sparky Zettabyte Poster Moderator

    10,718
    543
    364
    What? You are not opening up more ports are you? Might as well switch off the firewall then! :biggrin

    If you have Server 2003 you can at least use RRAS for VPN access.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) MS-900 AZ-900 Security+ Network+ A+
    WIP: Microsoft Certs
  7. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Why not? I do. I open up an ethereal port for ssh. Require both a cert and a password for ssh to connect. Forward the port directly to the machine. Then tunnel rdp/vlc, which ever is appropriate, over ssh. I also restrict ssh with hosts.allow and hosts.deny.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  8. zebulebu

    zebulebu Terabyte Poster

    3,748
    330
    187
    Freddie, that's almost as paranoid as me... :biggrin

    Seriously though - the port you use really doesn't make much difference. Any decent service enumerator (AMap springs to mind, or, for the GUI freaks, Nessus would work just as well) will find out what's REALLY running on that odd looking port you've opened up. Of course, the only real eploitable vuln with SSH is brute forcing - which your cert should protect you against. I've never done it, but I'd imagine you can also set SSH to deny connection attempts from a specific IP, or for a set period of time, after a set number of failed logins - that would give you even more peace of mind.

    Personally, I'm quite happy with my VPN set up - logfiles prove someone tries to seriously ream me about once every three days and (touch wood) I've not had anything get through my defences yet.
     
    Certifications: A few
    WIP: None - f*** 'em
  9. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Zeb,

    Hosts.allow and hosts.deny are the means of restricting access to either specific IP addresses or to network blocks in Linux. I don't have anything in place for dictionary attacks, but they will have to be pretty thorough as we have a paranoid limit on the number and variety of characters required in our passwords, and guess correctly what IP addresses have been OK'ed for connections.

    In hosts.deny you can deny all connections, and then override that with specific allowances in hosts.allow. It's pretty nice.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  10. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    LOL.... You ought to see how often spammers try to use Apache as a proxy to push spam when your site set up requires a proxy to be used. I've been pushing to move away from that and it looks like we are, but the Apache logs are full of attempts to hijack the proxy server. It's pretty simple to just use a rewrite rule to deny them access, but they still try a lot.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1

Share This Page

Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.