RDP on a Non-Standard Port

Kind of a big deal

This one is fun, so I thought I'd share. I'm getting this from our Provisioning team who opened a case with Support and received this answer.

 

***Edit***

 

I quoted the wrong rule on the first post. It's actually https://www.snort.org/rule-docs/1-49040

 

***End Edit***

 

And apparently this rule is always triggered when the MX detects RDP being used on a port other than 3389. 

 

Now, for real people, you shouldn't ever expose RDP to the internet on any port... But I get that it's done. So for those doing it on non-standard ports watch out for this. You might be cut off from your remote desktops 😞

Kind of a big deal

Re: RDP on a Non-Standard Port

Never mind me. I'm being dumb. I'm quoting the wrong rule. Support did give us Sid 1-49040... It's me that's screwing up the copy pasta 😞

Community Manager

Re: RDP on a Non-Standard Port

Copy pasta! Yummmm
Caroline S | Community Manager, Cisco Meraki | @merakicaroline
Conversationalist

Re: RDP on a Non-Standard Port

Jesus Christ, this issue did my head in. Was struggling the entire WEEK trying to figure out why RDP was throwing "internal error" messages and why connections would log on then log off.

 

We have 2 virtual servers that clients RDP into. One was working fine and the other (of course, our main one which uses different ports) crapped out on Tuesday (which I see now is when the definitions got added/updated).

 

What a nightmare.

 

Does this rule only relate to RDP requests using different ports than 3389? I'm concerned about whitelisting this rule for our server that uses different ports and thereby lowering the additional security (if any) this rule might provide.

Kind of a big deal

Re: RDP on a Non-Standard Port

If you want to port forward multiple servers behind a single public IP you probably don't have much of a choice.

 

To avoid the issue (and increase security at the same time), imo, ideally you build a VPN tunnel to the target network and use RDP over that tunnel directly to the destination IP addresses without port forwarding.

Conversationalist

Re: RDP on a Non-Standard Port

Thank you. Is there a way to modify the enforcement of this rule on the MX so it doesn't trigger on the default OR the alternate port I'm using but still trigger on others? Basically a way to write in a whitelist for this rule but only on two specific ports.

Kind of a big deal

Re: RDP on a Non-Standard Port


@Blueshift wrote:

Thank you. Is there a way to modify the enforcement of this rule on the MX so it doesn't trigger on the default OR the alternate port I'm using but still trigger on others? Basically a way to write in a whitelist for this rule but only on two specific ports.


Not possible for now I think.

Kind of a big deal

Re: RDP on a Non-Standard Port

You can't modify it, but you can whitelist it on the Threat Protection config page. But, be careful here, these settings are Org wide, not specific to that network. You can only whitelist Org wide.

 


Conversationalist

Re: RDP on a Non-Standard Port

Thanks, I've done that. I'd just ideally like a way to keep the security this rule provides but be able to edit in the ports that it should ignore since one of our servers uses non-standard RDP ports.
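As an added example (not code from this thread, from Snort, or from Meraki), the script below models the behaviour the thread describes: it inspects constructed TCP segments for the TPKT/X.224 Connection Request that opens every RDP session and raises an alert when that request is sent to any port other than 3389. An exemption set shows the per-port allowlist Blueshift asked for (standard port plus one alternate), which the thread notes the MX cannot express, only an org-wide allowlist of the whole rule. What rule 1-49040 actually matches on is an assumption here; the heuristic, the sample addresses and the segment layout are all constructed for the example.

```python
"""Toy detector for RDP connection requests on non-standard ports.

Constructed example: the matching heuristic is an assumption about what an
IPS signature keys on (the TPKT + X.224 Connection Request that starts an
RDP session, MS-RDPBCGR 2.2.1.1), not the text of Snort rule 1-49040.
"""
import struct
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional

RDP_STANDARD_PORT = 3389


@dataclass(frozen=True)
class Segment:
    """One TCP segment: source, destination, destination port, payload."""
    src: str
    dst: str
    dport: int
    payload: bytes


def build_connection_request(cookie: bytes = b"") -> bytes:
    """Build a minimal X.224 Connection Request wrapped in TPKT (same layout a
    real RDP client sends first); used only to create the sample traffic."""
    x224 = bytes([0xE0, 0, 0, 0, 0, 0]) + cookie      # CR code, dst-ref, src-ref, class 0
    tpdu = bytes([len(x224)]) + x224                   # LI counts everything after itself
    return struct.pack("!BBH", 3, 0, 4 + len(tpdu)) + tpdu   # TPKT: version 3, reserved, length


def looks_like_rdp_connection_request(payload: bytes) -> bool:
    """Heuristic: TPKT header (version 3, reserved 0, length == segment length)
    followed by an X.224 TPDU whose code is CR (0xE0) and whose LI is consistent."""
    if len(payload) < 7:
        return False
    version, reserved, tpkt_len = struct.unpack("!BBH", payload[:4])
    if version != 3 or reserved != 0 or tpkt_len != len(payload):
        return False
    li, code = payload[4], payload[5]
    return (code & 0xF0) == 0xE0 and li == len(payload) - 5


def evaluate(seg: Segment,
             exempt_ports: FrozenSet[int] = frozenset({RDP_STANDARD_PORT})) -> Optional[str]:
    """Return an alert string for an RDP connection request to a port outside
    exempt_ports; None otherwise. exempt_ports is the per-port allowlist idea."""
    if not looks_like_rdp_connection_request(seg.payload):
        return None
    if seg.dport in exempt_ports:
        return None
    return f"RDP connection request to non-standard port {seg.dport} ({seg.src} -> {seg.dst})"


def run(traffic: Iterable[Segment],
        exempt_ports: FrozenSet[int] = frozenset({RDP_STANDARD_PORT})) -> List[str]:
    """Evaluate every segment and collect the alerts."""
    return [alert for alert in (evaluate(s, exempt_ports) for s in traffic) if alert]


# Constructed sample traffic (documentation addresses, hypothetical alternate port 33890).
SAMPLE_TRAFFIC = [
    Segment("203.0.113.10", "192.0.2.5", 3389, build_connection_request(b"Cookie: mstshash=alice\r\n")),
    Segment("203.0.113.10", "192.0.2.6", 33890, build_connection_request(b"Cookie: mstshash=bob\r\n")),
    Segment("203.0.113.11", "192.0.2.7", 33890, b"GET / HTTP/1.1\r\nHost: example\r\n\r\n"),
    Segment("203.0.113.12", "192.0.2.5", 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    print("default (3389 exempt):", run(SAMPLE_TRAFFIC))
    print("3389 and 33890 exempt:", run(SAMPLE_TRAFFIC, frozenset({3389, 33890})))
```

With the default exemption only the request to port 33890 produces an alert; the HTTP and TLS segments on other ports are ignored because they never carry the TPKT/X.224 prefix. Adding the alternate port to the exemption set silences that alert while leaving any other port alertable, which is the scoped behaviour the thread wished for; on the MX itself the choice is only the org-wide allowlist described above.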
