Meraki

Community

Huge number of RDP connections blocked

CrucialTech
Conversationalist
‎Sep 26 2019 1:26 AM
‎Sep 26 2019 1:26 AM

Huge number of RDP connections blocked

I am showing about 83,000 'Microsoft Windows Terminal server RDP over non-standard port attempt ' in the security center of an MX65 in the last 2 weeks. Mostly from Russia but also from other European countries and the US too.

 

I do have port forwarding set up for RDP but client VPN is set up and being used by authorized users. I have one other port open for an ACT database sync. My understanding is that if the VPN is set up that is the only way in and these attempts will always fail. Do I have anything to worry about? Is there anything I can do to prevent this... seems like they've got my number!

 

Thanks

 

0 Kudos
8 Replies 8
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 26 2019 1:44 AM
‎Sep 26 2019 1:44 AM

If you don't have any externally exposed RDP ports then you have nothing to worry about.

0 Kudos
In response to PhilipDAth
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 26 2019 1:45 AM
‎Sep 26 2019 1:45 AM

Sorry I mis-read.  You do have a NAT allowing RDP from the outside world.

 

Considering you have client VPN configured - I'd remove that RDP NAT.

0 Kudos
In response to PhilipDAth
CrucialTech
Conversationalist
‎Sep 26 2019 8:00 AM
‎Sep 26 2019 8:00 AM

To be clear, I do not have any 1:1 NAT rules or 1:many NAT rules. I do have several port forwarding rules so that individuals can RDP into their specific machine.

 

With the client VPN running on my home machine I can RDP into the site. Without the VPN running, I can't. So I'm thinking all is fine but was just checking to be sure that no RDP is possible without the client running through the VPN.

 

Thank you

0 Kudos
In response to CrucialTech
BrechtSchamp
Kind of a big deal
‎Sep 26 2019 10:39 AM
‎Sep 26 2019 10:39 AM

You shouldn't need port forwarding if you VPN in?

0 Kudos
In response to BrechtSchamp
CrucialTech
Conversationalist
‎Sep 26 2019 10:53 AM
‎Sep 26 2019 10:53 AM

Really? We can set up RDP without port forwarding? Can you point me in the right direction to accomplish that? Thank you
0 Kudos
In response to CrucialTech
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Sep 26 2019 12:47 PM
‎Sep 26 2019 12:47 PM

There is literally nothing to do.  Just VPN in and RDP directly to the machines private IP address.

In response to PhilipDAth
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Sep 26 2019 1:26 PM
‎Sep 26 2019 1:26 PM

Allowing external RDP conections is very risky. As suggested I would use VPN instead and then your users can RDP to the machine using its LAN IP. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
In response to PhilipDAth
CrucialTech
Conversationalist
‎Sep 26 2019 3:08 PM
‎Sep 26 2019 3:08 PM

Of course... easy peasy. I will do that and then remove the port forwarding rules. Thanks for the tip.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2025 Cisco Systems, Inc.