RDP Defender

Help us improve our product. Feature requests are welcomed!
Post Reply
IvanGB
Posts: 93
Joined: Sat Feb 06, 2016 2:26 pm

RDP Defender

Post by IvanGB » Thu Apr 28, 2016 1:27 pm

Hi.

I have upgraded to the latest version and installed the RDP Defender tool, great addition!

At the end of the installation process, I got a message advising to add the remote administrator workstation IP to the White List, which made sense, so I wouldn't, accidentally, be added to the Block List and never have remote access to the TSPlus server anymore. At this stage, I got a bit confused by the message, since my TSPlus server is not in my local network, but in the cloud. So, the message kind of implies that we should add our local workstation IP to the White List, but being remote, shouldn't it be my remote network external IP, from where my workstation is installed in, that I should enter? Then, I added my external IP, since the local IP from my workstation could be the same from another user in another network, who I wouldn't like to give access to.

After all this, I went to the TSPlus admin application and accessed the Session Manager, which shows my user logged in and its Client Address, and for my surprise, the client address is my local workstation IP number. This made me think, will RDP Defender work with this local IP number too in the case of White List and Blocked IPs? If so, this could bring many issues to the case.

Sorry if I made myself confusing. So, what IP number should I enter into the White List and what IP number will be Blocked in case of attacks?

Thanks in advance.

Ivan

adrien
Posts: 43
Joined: Thu Sep 10, 2015 10:39 am

Re: RDP Defender

Post by adrien » Thu Apr 28, 2016 6:03 pm

Hello,

Your analysis is perfectly right.

The "Client Address" is indeed the local IP, this is used by some of our customers to check the connected workstations inside their own private network. This is not really interesting when your users connect from another network.

Regarding RDP Defender white list, you want to add your external (public) IP address, as RDP Defender wants mainly to block external IPs.
So yes, good thinking ;)
Adrien
TSplus CTO

IvanGB
Posts: 93
Joined: Sat Feb 06, 2016 2:26 pm

Re: RDP Defender

Post by IvanGB » Thu Apr 28, 2016 7:08 pm

Hey!

Thank you for the attention.

One thing I noticed. If I access my remote TSPlus server through Remote Desktop application, the Session Manager shows the Client Address as my workstation local IP address. On the other hand, if I connect to the server using the HTML5 Web access, once logged on, the Client Address shows as my network external IP number. Interesting... :-)

jkuijt
Posts: 114
Joined: Sat Jan 04, 2014 1:41 pm

Re: RDP Defender

Post by jkuijt » Fri Apr 29, 2016 6:42 am

IvanGB wrote:If I access my remote TSPlus server through Remote Desktop application, the Session Manager shows the Client Address as my workstation local IP address.
On the other hand, if I connect to the server using the HTML5 Web access, once logged on, the Client Address shows as my network external IP number.
Hi Ivan,

Here the exact same behavior with our vps (with Windows 2012 R2) in the cloud with TSplus.
When using mstsc.exe, Session Manager shows my local IP address.
So is RDP Defender only meant/suitable for HTML5 connections?!

Best regards
Jeffrey

adrien
Posts: 43
Joined: Thu Sep 10, 2015 10:39 am

Re: RDP Defender

Post by adrien » Tue May 03, 2016 1:18 pm

Hello jkuijt,

Session Manager and RDP Defender are two different tools.
They are not related at all.

RDP Defender will work for any RDP connection on your RDP port.
Adrien
TSplus CTO

zamiksica
Posts: 1
Joined: Fri Jul 07, 2017 10:12 am

Re: RDP Defender

Post by zamiksica » Fri Jul 07, 2017 10:15 am

Hello
when I install RDP defender, I can add my current external IP as exclusion IP (if I understand correctly) but my IP change daily - that means I can not access my VPS any more?
How to solve that, please?

Post Reply