RDP connection bruteforce

holian · October 26, 2013, 11:05pm

Master,

I really need your help. I have to set our router to:

drop RDP connection if connection not initiated from our country. (if its possible)
or make some RDP brute force prevention.

Somebody try to access our server via RDP with brute forcing our user name and password.

I try to set up someting like this changin the port to 3389

http://wiki.mikrotik.com/wiki/Bruteforce_login_prevention_(FTP_%26_SSH

Any suggestion apperitiated.

Thank you

Holian

CTrain · November 8, 2013, 4:54am

The wiki post is to stop SSH/FTP attacks on the router try changing the chain to forward and the port to RDP prot, however that may not work if the connection failed packet is different. If that is the case the connection failed packet contents will need to be sniffed using a packet capture software. and the new information added to content section in the third rule

Rudios · November 8, 2013, 7:33am

How is your traffic arranged. I can imagine that NAT is used.
If so, use a non-default port on the outside.