Hello and good part of the day you are! So I have been having several "Microsoft Windows Terminal server RDP over non-standard port attempt" on wich I have blocked the attackers I.P. and their country traffic. The MX successfully blocked the attacks but theres something bugging me. One of the affected machines, an NVR, is communicating with itself over its public IP address. What do I mean? the NVR private ip x.x.x.250 is reaching its NAT 1:1 x.x.x.7 IP address over TCP port 80, why this machine would establish communication with itself? Also this same machine is establishing contact with a remotewd.com host for some reason over port 80 and 455 both TCP.   Another machine, a NAS, affected by RDP is contacting the same remotewd.com host but over ICMP.   Am I just confused and paranoid here or theres something else going on? ... View more

One of my networks has received multiple attacks of the kind ID 1-49040 and the wording "compromised windows computer located behind a Firewall" and "It will require already access to a compromised computer inside the target network" makes me think  this attacker is already inside my network wich bothers me quite a bit.   Any advice on this?   Microsoft Windows Terminal server RDP over non-standard port attempt ... View more