Hi.
Would it be able for the new RDP Defender to keep a history log of all IP numbers that have successfully connected to the server?
Thanks in advance.
Ivan
RDP Defender IP numbers history log
Re: RDP Defender IP numbers history log
Hello,
This is an existing Windows feature: all the IP addresses that have successfully connected to the server are available in Windows Event Log.
This is an existing Windows feature: all the IP addresses that have successfully connected to the server are available in Windows Event Log.
Adrien
TSplus CTO
TSplus CTO
Re: RDP Defender IP numbers history log
Hi Adrien.
Well, yeah, kind of. The Security Event Viewer will show all Logon events, but when I look at them, it shows the "Source Network Address: 127.0.0.1".
At least for all users here logging through the HTML5 Web Portal. This way, I don't see anywhere I could get these IP numbers, unless I am looking at the wrong place.
Since RDP Defender will have to know that in order to be able to filter attacks, I thought that it could keep a list of all successful logins also.
But if you know a way I can find out that already and don't mind to share, I would appreciate if you told me.
Best.
Ivan
Well, yeah, kind of. The Security Event Viewer will show all Logon events, but when I look at them, it shows the "Source Network Address: 127.0.0.1".
At least for all users here logging through the HTML5 Web Portal. This way, I don't see anywhere I could get these IP numbers, unless I am looking at the wrong place.
Since RDP Defender will have to know that in order to be able to filter attacks, I thought that it could keep a list of all successful logins also.
But if you know a way I can find out that already and don't mind to share, I would appreciate if you told me.
Best.
Ivan
Re: RDP Defender IP numbers history log
I would like to see a history log that shows:
Username in on Date time
Username log out Date/time
Both should have:
Computer name
IP Address
I can get the username via event viewer as well, but no IP or computer name. It always shows 127.0.0.1 and SERVERNAME
Username in on Date time
Username log out Date/time
Both should have:
Computer name
IP Address
I can get the username via event viewer as well, but no IP or computer name. It always shows 127.0.0.1 and SERVERNAME
Re: RDP Defender IP numbers history log
Hello Brian, Hello IvanGB,
Our HTML5 client works by doing a local RDP connection, and then "sharing the screen" efficiently from the server to your HTML5 browser. This second part is TSplus-specific technology, and it is not related to RDP.
This is the technical reason why you see 127.0.0.1 as the IP address when you connect using TSplus HTML5 client: because the RDP connection is done from 127.0.0.1 i.e. the server itself.
RDP Defender defend your server against bad RDP connection on the RDP port of your server, it cannot defend against bad HTML5 connections due to this limitation.
This is also the reason why we automatically add 127.0.0.1 in RDP Defender white-list.
Our HTML5 client works by doing a local RDP connection, and then "sharing the screen" efficiently from the server to your HTML5 browser. This second part is TSplus-specific technology, and it is not related to RDP.
This is the technical reason why you see 127.0.0.1 as the IP address when you connect using TSplus HTML5 client: because the RDP connection is done from 127.0.0.1 i.e. the server itself.
RDP Defender defend your server against bad RDP connection on the RDP port of your server, it cannot defend against bad HTML5 connections due to this limitation.
This is also the reason why we automatically add 127.0.0.1 in RDP Defender white-list.
Adrien
TSplus CTO
TSplus CTO