I'm getting an alert about a client creating too many RDP sessions. What do I need to do?

In short, nothing; we're just letting you know that it's happening.

3389 is a well-known port that is often left open or unprotected to allow RDP sessions to connect. This has the unfortunate side effect of making it a common target for intrusion attempts. However, Untangle blocks incoming traffic by default. Anything trying to connect to 3389 will be blocked unless you've created a Bypass Rule, Filter Rule, port forward, etc. to allow that traffic. The alert is just to let you know that we're seeing some unusual traffic. You can read about disabling those alerts here. If you'd like to be doubly sure, you can set up Triggers to explicitly block those connection attempts.

The one caveat is when the Untangle is bridged to another device upstream, in which case we're not blocking anything. In that case, however, we would expect the upstream device(s) to be acting as a firewall.
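To confirm that the sessions behind the alert were in fact blocked, you can count them per client from an exported session log. The script below is an added example, not Untangle code: the CSV column names, the 60-second window, the threshold of 5 and the sample rows are all assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

RDP_PORT = 3389

# Constructed sample export. Column names are assumptions, not Untangle's schema.
SAMPLE_EVENTS = """time_stamp,client_addr,server_port,blocked
2024-01-01T10:00:00,203.0.113.50,3389,true
2024-01-01T10:00:10,203.0.113.50,3389,true
2024-01-01T10:00:20,203.0.113.50,3389,true
2024-01-01T10:00:30,203.0.113.50,3389,true
2024-01-01T10:00:40,203.0.113.50,3389,true
2024-01-01T10:00:50,203.0.113.50,3389,true
2024-01-01T10:02:30,203.0.113.50,3389,true
2024-01-01T10:00:05,198.51.100.7,3389,false
2024-01-01T10:05:00,198.51.100.7,3389,true
2024-01-01T10:00:07,192.0.2.9,443,false
"""

def triage_rdp_sessions(csv_text, window=timedelta(seconds=60), threshold=5):
    """Per client: peak sessions to 3389 in any window, and how many were not blocked."""
    stamps = defaultdict(list)
    allowed = defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["server_port"]) != RDP_PORT:
            continue
        client = row["client_addr"]
        stamps[client].append(datetime.fromisoformat(row["time_stamp"]))
        if row["blocked"].strip().lower() != "true":
            allowed[client] += 1  # not blocked, e.g. a rule or port forward allows it
    report = {}
    for client, times in stamps.items():
        times.sort()
        peak = start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # slide the window's left edge forward
                start += 1
            peak = max(peak, end - start + 1)
        report[client] = {"peak": peak, "allowed": allowed[client],
                          "noisy": peak >= threshold}
    return report

if __name__ == "__main__":
    for client, info in triage_rdp_sessions(SAMPLE_EVENTS).items():
        print(client, info)
```

A noisy client with `allowed` equal to 0 is the informational case described above; any client with `allowed` greater than 0 means a Bypass Rule, Filter Rule or port forward is letting that traffic through and is worth reviewing.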
