Remote Desktop WAN help.

evil neo

I just bought a D-Link DSL-2540B. How can I use Remote Desktop from home to business through the WAN? No DMZ please, due to hackers.

Thank you
 
Open/forward port 3389 on your router to a static LAN IP of your workstation. Connect to the WAN IP address of your router (or a dynamic DNS alias you set up).
 
I have never been a fan of RDP over WAN without VPN. Just me I suppose.
 
Where is the DSL-2540B located, home or work?

Is there a firewall at work, or home?
 
>>I have never been a fan of RDP over WAN without VPN. Just me I suppose.

It's actually quite secure...long as you have a good Administrator password, and you use a decent password for your user account. You can have it shut down after 3x failed attempts.

And the only exploit against it that I'm aware of...is an "in the labs" man in the middle exploit...I don't recall ever hearing about it happening in the real world.
 
>>Open/forward port 3389 on your router to a static LAN IP of your workstation. Connect to the WAN IP address of your router (or a dynamic DNS alias you set up).

Oh sorry I don't see your post. 3389 on VPN?

I already knew how to use remote desktop for LAN and DMZ before, but I have to learn how to use it for WAN with no DMZ.

Thanks, I will check it out.
 
Yeah DMZ is bad...all 65,000 plus ports wiiiiide open. More than 30 seconds in the DMZ..and I'd want to format the computer.
 
>>It's actually quite secure...long as you have a good Administrator password, and you use a decent password for your user account. You can have it shut down after 3x failed attempts.

>>And the only exploit against it that I'm aware of...is an "in the labs" man in the middle exploit...I don't recall ever hearing about it happening in the real world.

I was talking to a consultant who we had in doing some penetration testing, and he was saying that it is extremely difficult and time consuming to do, but that if you can capture an RDP session then you can replay it. How much actual truth is in that I don't know; he could have just been showing off. If I was using RDP natively then I would personally prefer to tunnel it over an SSH session, for example, or for pure simplicity just use LogMeIn because that will work anywhere without any firewall configuration.
 
>>Yeah DMZ is bad...all 65,000 plus ports wiiiiide open. More than 30 seconds in the DMZ..and I'd want to format the computer.

On your work router/firewall, set your server on a static IP. Do port forwarding of 3389 to that IP address of the server. From home use the WAN IP address of your router to connect to the RDP server.

Unfortunately you will only be able to do one server or RDP to any host/node. If you want a more secure way, then you might want to just start the RAS service on the Windows server to allow PPTP (VPN) [port 389 -- I think]. There are several guides out there for this, just google it. You won't have to port forward 3389, but rather the PPTP port. If you get VPN to work you can just use RDP over the VPN tunnel to the server.
 
>>Unfortunately you will only be able to do one server or RDP to any host/node.

You can customize ports..run one workstation on 3389, run another on 3390, the third on 3391, etc etc. So there are quite a few ways of having multiple RD hosts on a single LAN. SBS RWW is another..once you get up to business size. And yes VPN.
 
>>You can customize ports..run one workstation on 3389, run another on 3390, the third on 3391, etc etc. So there are quite a few ways of having multiple RD hosts on a single LAN. SBS RWW is another..once you get up to business size. And yes VPN.

True that.
 
>>I have never been a fan of RDP over WAN without VPN. Just me I suppose.

I am right there with you. My friends think I am nuts for not just opening 3389. Instead I require an IPSec or an SSL connection.

Even though you can lock it after "x" failed attempts, I am not comfortable with having a public login available for someone to attempt to crack. <shrugs>

Just as a "proof in the pudding" to one of my friends, I found out the username of a person at one of his clients by guessing based off their email address. I was not able to guess the password, but he was banging his head at why their account kept getting locked out at random times. I then called that client's office posing as a person who was helping him with a problem, and she told me her password without hesitation or verifying with him that it was a valid reason.

So in my opinion opening 3389 to the outside world is a security no-no.
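
Added example, not part of the thread: the unexplained lockouts described in the post above are what password guessing against a forwarded 3389 looks like from the inside. This sketch correlates failed remote logons (Security event 4625) with lockouts (4740) per account and source address; the records are constructed and simplified, and the LAN ranges, field names and threshold are assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed LAN ranges; anything outside them is treated as arriving over the WAN.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
REMOTE_LOGON_TYPES = {3, 10}  # 10 = RemoteInteractive (RDP), 3 = network (seen with NLA)
LOCKOUT_THRESHOLD = 3         # the "3x failed attempts" policy mentioned in the thread

# Constructed sample records, simplified from Windows Security log fields.
# 4625 = failed logon, 4740 = account locked out. Addresses are documentation ranges.
SAMPLE_EVENTS = [
    {"id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"id": 4625, "user": "jsmith", "logon_type": 10, "src": "203.0.113.45"},
    {"id": 4625, "user": "jsmith", "logon_type": 3, "src": "198.51.100.7"},
    {"id": 4740, "user": "jsmith"},
    {"id": 4625, "user": "mlee", "logon_type": 2, "src": "127.0.0.1"},      # console typo
    {"id": 4625, "user": "mlee", "logon_type": 10, "src": "192.168.1.20"},  # from the LAN
    {"id": 4625, "user": "admin", "logon_type": 10, "src": "203.0.113.45"},
]

def is_external(addr):
    ip = ipaddress.ip_address(addr)
    return not ip.is_loopback and not any(ip in net for net in INTERNAL_NETS)

def explain_lockouts(events, threshold=LOCKOUT_THRESHOLD):
    """Per account: external failed remote logons, their sources, lockout status."""
    failures = defaultdict(list)
    locked = set()
    for ev in events:
        if ev["id"] == 4740:
            locked.add(ev["user"])
        elif (ev["id"] == 4625 and ev["logon_type"] in REMOTE_LOGON_TYPES
              and is_external(ev["src"])):
            failures[ev["user"]].append(ev["src"])
    report = {}
    for user, sources in failures.items():
        report[user] = {
            "external_failures": len(sources),
            "sources": sorted(set(sources)),
            "locked_out": user in locked,
            # Alert when guessing reached the lockout policy or a lockout followed.
            "alert": len(sources) >= threshold or user in locked,
        }
    return report

if __name__ == "__main__":
    for user, info in explain_lockouts(SAMPLE_EVENTS).items():
        print(user, info)
```

Behind a VPN-only setup the same report should stay empty, since no external address can reach the logon prompt at all.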
 
>>So in my opinion opening 3389 to the outside world is a security no-no.

Yep, I'm also in that camp.
So easy to do vpn these days, no reason to have lots of open ports.
 