Kaspersky: Hackers try to take over PCs running remote desktop software

vbimport

#1

We’ve just posted the following news: Kaspersky: Hackers try to take over PCs running remote desktop software[newsimage]http://static.myce.com//images_posts/2014/06/myce-kaspersky-rdp-95x75.png[/newsimage]
[quote][/quote]
Read the full article here: http://www.myce.com/news/kaspersky-hackers-try-to-take-over-pcs-running-remote-desktop-software-72132

            Please note that the reactions from the complete site will be synched below.

#2

That sux…:frowning:
I really need it,as it’s the only way to enable audio in Hyper-V virtual machines…:sad:
I suppose I could run VMWare Player or Virtualbox too on win 8.1,but I like Hyper-V …


#3

[QUOTE=roadworker;2730878]That sux…:frowning:
I really need it,as it’s the only way to enable audio in Hyper-V virtual machines…:sad:
I suppose I could run VMWare Player or Virtualbox too on win 8.1,but I like Hyper-V …[/QUOTE]
Not for nothing but Kaspersky has a habit of letting people know that there is a terrible threat out there and if you buy their software you can avoid it. I would do more investigation, I am not saying its not true, just more info is needed.


#4

I have seen these bruteforce attacks a few years ago, where my DSL connection kept intermittently slowing down to the point that I couldn’t stream video. At first I thought my ISP was at fault until I brought up TCPView and saw a large number of connections constantly being made and dropped on port 3389, i.e. a bruteforce attack. The only way I was able to stop these attacks was by changing the port number.

Microsoft has the following guide to changing the remote desktop port number:
http://support.microsoft.com/kb/306759

Once the port is changed (and router port forwarding configuration), the way you connect is host:port, e.g. if the hostname is username.dyndns.org and the port # is 6921, then you would connect enter username.dyndns.org:6921 for the remote desktop address.


#5

I don’t use Remote Desktop Protocol at all. In addition any connection request for port 3389 will be blocked on my router and not forwarded into my local network.

For remote connections I’m using UltraVNC but again this is only available in my local network, i.e. either from local machines or via VPN tunnel from outside.


#6

@sean- wouldn’t just changing the external port number on the router have the same effect from remote hackers?

Why do intranet port numbers need to be modified? Unless a machine on the network has already been owned.


#7

I always disable these features.


#8

Me too.
It’s not necessary to run all these services even more when you don’t need them (all the time).