RDP Attempts From Unknown IPs, How to Protect?

Not exactly proven security, but Port Knocking can allow you to open up closed ports by sending a special set of packets to the server first.

You could also rent out a cheap server with a dedicated IP address and set up a VPN, then explicitly set the firewall to only allow connections from the VPN IP.


Most of the RDP attacks are being targeted on standard 3389 port. Changing that port to any non-standard port like 8123 will make your remote desktop service listening to it.

How-to-change-the-listening-port-for-Remote-Desktop

Once you change it, you will need to specify the port number while initiating remote desktop connection. eg. IPaddress:8123


You may want to check out RDPGuard (Essentially fail2ban for rdp) and of course try your best to enforce a good password policy.

Tags:

Ip

Rdp

Attacks