Jump to content

Bth

Members
  • Posts

    3
  • Joined

  • Last visited

Posts posted by Bth

  1. What I don't understand is how Malwarebytes could be detecting brute force attacks against RDP when that port is blocked at my external firewall.  I have a port forwarding rule set up for RDP to use from external addresses.  So I wouldn't think that any brute force attacks should be getting through.  When I test 3389 from an external site it doesn't get through.  So I think the blockage is working, yet Malwarebytes is reporting some external IPs trying to get to that port.  Doesn't compute with me... 

  2. I'm getting the RDP port blocked in my alerts.  I don't quite understand how that could be occuring, because I have a separate firewall on my network gateway that does not let RDP 3389 through.  How could this be blocking random IP addresses if they shouldn't be able to get to the computer? 

    I see its showing svchost.exe as the program, so could this be something internal to my network?  Trying to understand the source of the blocked ip, which is in fact an external ip address.

    Thanks,
    Brian

    Mal-3389-1.JPG

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.