Re: External connection using port 3389

From: Steven Umbach (n9rou_at_n0spam-comcast.net)
Date: 02/03/04 

Date: Tue, 03 Feb 2004 00:14:11 GMT

That is Terminal Services/Remote Desktop server connection. I believe if you
look in Terminals Services Manager, you should be able to see who is connected.
If that server is not a Terminal Server, then somebody is probably connected
with administrator credentials. It could be a legitimate connection if Remote
Desktop is used to manage that server and possibly the connection is still
logged on from a connection that was not terminated properly. Access to port
3389 tcp should be blocked at the perimeter firewall unless access is desired in
which case it is best to configure the firewall to accept connections only from
certain allowed public IP addresses belonging to those who are allowed to manage
it or better yet use a vpn connection for access. Enabling auditing of logon
events, using complex passwords, renaming the built in administrator account,
and having an account lockout policy should also be implemented to help prevent
hacks from Remote Desktop connections and attacks in general. --- Steve

"BG" <bg2@uasystem.ua.edu> wrote in message
news:emYN8Ce6DHA.2572@TK2MSFTNGP09.phx.gbl...
> netstat -a on a Windows2003 server shows a connection on port 3389 from an
> outside domain address. This sounds like an intrusion to me. Any and all
> feedback appreciated.
>
>

Relevant Pages

  • Re: Outgoing POP3 email missing/lost/not received
    ... Funny thing is that I have had this ISP for 8 years and it has always been ... It looks like when you last ran CEICW, you set the ISP's mail server to: ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot connect client to server 2003
    ... you need to reconfigure the IP schema of your SBS ... On the SBS 2003 Server open the Server Management console. ... On the Connection Type page, click Broadband, and then click Next. ... Alternate DNS server, type the IP addresses that are provided by your ISP ...
    (microsoft.public.windows.server.sbs)
  • Re: Outgoing POP3 email missing/lost/not received
    ... ISP's mail server instead of the domain name on the ... SUMMARY OF SETTINGS FOR CONFIGURE E-MAIL AND INTERNET ... Internet Connection Wizard. ... After the wizard completes, the following network connection ...
    (microsoft.public.windows.server.sbs)
  • Re: Networking Question - VLANs on SBS 2003 Premium SP1
    ... port on the old router so I now have a segregated WLAN. ... be sure you do not enable any DHCP server in internal network. ... On the Connection Type page, click Broadband, and then click Next. ... On the Network Connection, You must enable and configure the network ...
    (microsoft.public.windows.server.sbs)
  • Re: Still cant connect to RWW or OWA remotely
    ... it certainly appears to be something about the SBS configuration. ... Meridian.local Ethernet adapter Local Area Connection: ... Windows SMALL BUSINESS SERVER 2003 Windows IP Configuration ... 192.168.254.254) directly to a port on the router and then ...
    (microsoft.public.windows.server.sbs)