Firewall Wizards mailing list archives
Re: RDP into a PC
From: "Sam Stern" <samstern () samstern net>
Date: Fri, 19 May 2006 12:23:07 -0400
-----Original Message----- From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Julian M D
Yes, this is the corect port forwarding! Check the spelling on cisco(config)#Acces-group out-to-in in interfae outside Julian Dragut On 5/19/06, Ratna Thurairatnam <ratna1504 () yahoo com> wrote:Hi All, I am new to pix and need your help please pix has few other access-list i want to open a port 8080 so that a user can rdp into hisPC using the format publicip:8080ill it work If i do these,? cisco(config)#Static (inside,outside) tcp interface 808010.0.0.253 3389 netmask 255.255.255.255 0 0cisco(config)#Access-list out-to-in permit tcp anyinterface outside eq 8080cisco(config)#Acces-group out-to-in in interfae outside your help would be appreciated. Thank you in advance
Hi All, I'm a little concerned by your choice of ports. Port 8080 has one of the highest instances of malicious traffic -- everything from attempts to abuse the proxy server(s) that use that port to proxy related DoS attempts. You will be forwarding this "bad" traffic into the user's PC as well. While it's unlikely that such traffic will ever remotely compromise the Remote Desktop system, such traffic could still cause unneeded problems. At best, this will generate unneeded security events and may sap some bandwidth from the remote desktop connection and at worst you may inadvertently DoS that PC. I would suggest that you select another, less abused, port for this rule. Respectfully, Sam Stern Grand Island, New York, USA _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RDP into a PC Ratna Thurairatnam (May 19)
- Re: RDP into a PC Julian M D (May 19)
- Re: RDP into a PC Sam Stern (May 20)
- Re: RDP into a PC Julian M D (May 19)