  1. #1
    Join Date
    Apr 2017

    Default Intrusion Prevention to block Brute Force Attack???

    I am new to Untangle and inherited it and its configuration. Long story short, I also inherited a Terminal Server that is open to the Internet via port 3389 (I know, bad practice, but I inherited it and will change this, but not at the moment). Anyway, I notice the event log on the Terminal Server is full of failed logons to the administrator account. Once in a while someone will try a different name, but 95% are the administrator account (thankfully that account has a good password). After doing some investigating, nothing was being blocked in the Untangle firewall, so I started by blocking traffic from countries outside of the US. That cut down on a lot of the entries, but there are still a ton from inside of the US. Trying to block each IP address is like playing Whack A Mole. Will the Intrusion Prevention app prevent these attacks, or should I be doing something else? If it will prevent these, could someone provide the basics on how to set it up on a production machine without breaking what is already in place and working? Please let me know if I can provide any other information. Thank you in advance for your help.

  2. #2
    Untangler jcoffin
    Join Date
    Aug 2008
    Sunnyvale, CA


    Limit the port forward to only the authorized IP addresses or provide VPN access. Having RDP open to the Internet is a huge security hole in your network.


    Last edited by jcoffin; 11-20-2017 at 03:56 PM.
    Attention: Support and help on the Untangle Forums is provided by
    volunteers and community members like yourself.
    If you need Untangle support please call or email

  3. #3
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Phoenix, AZ


    Having RDP open to the world without two factor to back it up is the fastest way to get crypto'd available.

    If you want to limit logons, your weapon is RDPGuard, a very inexpensive utility that will use the Windows firewall to maintain lockouts of bad IP addresses. But I warn you, I STILL GOT CRYPTO'D through that. So now I use RDPGuard AND Duo on any RDP service that needs to be publicly exposed. Everyone else is VPN.
    Rob Sandling, BS:SWE, MCP
    Phone: 866-794-8879 x201
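
Added example, not part of the thread and not RDPGuard's or Untangle's own code: a sketch of the per-IP lockout idea discussed above, counting failed logons per source address in a sliding window. The records are constructed and shaped like Windows Security event 4625 (time, TargetUserName, IpAddress); the threshold, window and function name are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample data (RFC 5737 documentation addresses), modelled on
# event 4625 "An account failed to log on".
BASE = datetime(2017, 11, 20, 15, 0, 0)
SAMPLE_EVENTS = (
    # Burst: six failures against "administrator", 20 seconds apart.
    [(BASE + timedelta(seconds=20 * i), "administrator", "203.0.113.7")
     for i in range(6)]
    # Slow source: five failures, 15 minutes apart (never 5 in one window).
    + [(BASE + timedelta(minutes=15 * i), "administrator", "198.51.100.23")
       for i in range(5)]
    # Legitimate user mistyping a password twice.
    + [(BASE + timedelta(minutes=2), "jsmith", "192.0.2.10"),
       (BASE + timedelta(minutes=3), "jsmith", "192.0.2.10")]
)


def find_lockout_candidates(events, max_failures=5,
                            window=timedelta(minutes=10)):
    """Return {ip: time the threshold was first reached} for every source
    with at least max_failures failed logons inside one sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for when, _user, ip in sorted(events):
        seen = recent[ip]
        seen.append(when)
        # Drop failures that have aged out of the window.
        while when - seen[0] > window:
            seen.popleft()
        if len(seen) >= max_failures and ip not in flagged:
            flagged[ip] = when
    return flagged


if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_EVENTS).items():
        print(f"lockout candidate {ip} at {when.isoformat()}")
```

Only the burst source is flagged; the slow source stays under the threshold, which is why the replies above pair lockouts with restricting the port forward, VPN access or two-factor authentication rather than relying on lockouts alone.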
