It is unlikely that failed RDP logins are taking the server down. I
wouldn't be concerned, unless the login attempts are of such volume as to
effectively be a DoS attack. A lot (100s) of my companies clients have
direct RDP access from the internet and we have not seen a whiff of trouble
in a lot of years.

That said, if the server is not behind a firewall (I like Astaro and
SonicWall myself) you are asking for trouble. I would not put a Windows
server with any critical data or function directly on the internet. If the
server is directly on the internet it is far more likely that another hole
resulted in some malware that is causing trouble, or that your supposition
is correct.

You also need to take the following security measures ...
1/ Have really complex passwords on all administrative users
2/ Restrict the users allowed to log into the server.
3/ Rename the default users (particularly administrator), or create
equivalents and disable the standard ones.
4/ Change the default SQL Server admin user and password (sa, no password).

Good luck,
---------
Tom Jedrzejewicz
tomjedrz@xxxxxxxxxxxxxx

"Illegitimi non carborundum"



On Tue, Jan 10, 2012 at 12:10 PM, Roger Vicker, CCP <rv-tech@xxxxxxxxxx>wrote:

Hello,

I've got a windows 2008 system that we use RDP on to remote into the
local network for maintenance and support. We've been logging a lot of
invalid logon attempts from the internet. One admin thinks that these
are causing the server to lock up about once a month. I think it is a
memory leak from the SQL server instance for the backup software.
Blocking RDP from all but a few IPs isn't really viable as when we are
outside we are mobile and seldom know ahead of time what IP we will be
using.

Has anyone else seen a server brought down by invalid RDP logins?

Other than switching to a VPN, how have you dealt with large number of
login attempts?

Thanks.

Roger Vicker, CCP

--
*** Vicker Programming and Service *** Have bits will byte ***
www.vicker.com ***
Don't be afraid to take a big step if one is indicated. You can't cross a
chasm in two small jumps. -- David Loyd George

--
This is the PC Technical Discussion for iSeries Users (PcTech) mailing list
To post a message email: PcTech@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/pctech
or email: PcTech-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/pctech.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.