Showing results for 
Search instead for 
Did you mean: 
Level 9

Windows (RDP) Brute Force Detection

I have looked through available signatures and recon items and don't see anything about RDP brute force.  Has anyone ever done any monitoring around this? 

I know... don't publish RDP to the internet ... unfortunately its not my call.  I am just asked to protect it as much as possible.      

0 Kudos
1 Reply
Level 7

Re: Windows (RDP) Brute Force Detection

There's actually a new software called Syspeace out there now that handles brute force attacks on Windows . It blocks , traces and reports via email the origin of the attack (DNS and country)  and what username was tried which is great to know so one can quickly see . Thers' also a global black list in there so every attacks is reported and investigated and if there are x number of attacks from the same IP , all syspeace installation around the world actually get the information an they are protected preemptively.

Just a tip really

Cheers Juha Jurvanen

Senior cconsultant in backup, security, server operations and cloud services

0 Kudos