1 Reply Latest reply on Aug 21, 2012 4:22 AM by Juha Jurvanen

    Windows (RDP) Brute Force Detection

    gene33

      I have looked through available signatures and recon items and don't see anything about RDP brute force.  Has anyone ever done any monitoring around this? 

       

      I know... don't publish RDP to the internet ... unfortunately its not my call.  I am just asked to protect it as much as possible.      

        • 1. Re: Windows (RDP) Brute Force Detection

          There's actually a new software called Syspeace http://www.syspeace.com out there now that handles brute force attacks on Windows . It blocks , traces and reports via email the origin of the attack (DNS and country)  and what username was tried which is great to know so one can quickly see . Thers' also a global black list in there so every attacks is reported and investigated and if there are x number of attacks from the same IP , all syspeace installation around the world actually get the information an they are protected preemptively.

          Just a tip really

           

          Cheers Juha Jurvanen

          http://www.jufcorp.com

          Senior cconsultant in backup, security, server operations and cloud services