RDP Question
I have somebody who showed me his RDP client history. It has a bunch of local loopback addresses with random ports. He says he never used RDP except for the one address which I blacked out which is a SQL server. I always thought RDP history shows what RDP connections the local box has accessed before.
I am guessing this isn't proper network behavior though, and the random attempts with different port numbers are suspicious?
Comments
-
joelsfood Member Posts: 1,027 ■■■■■■□□□□
Generally localhost addresses like that would be RDP'ing to an ssh tunnel running from your machine to another host.
-
markulous Member Posts: 2,394 ■■■■■■■■□□
Guessing the user is connecting to a VPN or some other device and RDPs from there.
-
tpatt100 Member Posts: 2,991 ■■■■■■■■■□
Guessing the user is connecting to a VPN or some other device and RDPs from there.
That is probably it. I will check with him.
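One way to check the tunnel explanation given in the comments, as an added example that is not part of the original thread: the script below lists the current user's RDP client history and, for each loopback entry, shows which local process (if any) is listening on that port right now. It assumes the standard per-user mstsc history location under HKCU and a Windows version that provides Get-NetTCPConnection; IPv6 literals with ports are not split.

```powershell
# Added example: list RDP client history and flag loopback targets.
$base = 'HKCU:\Software\Microsoft\Terminal Server Client'

# "Default" holds the MRU0..MRU9 values shown in the mstsc drop-down;
# "Servers" has one subkey per target the client has connected to.
$targets = @()
if (Test-Path "$base\Default") {
    $props = Get-ItemProperty -Path "$base\Default"
    $targets += $props.PSObject.Properties |
        Where-Object { $_.Name -like 'MRU*' } |
        ForEach-Object { [string]$_.Value }
}
if (Test-Path "$base\Servers") {
    $targets += Get-ChildItem -Path "$base\Servers" | ForEach-Object { $_.PSChildName }
}

# Ports listening on loopback or on all interfaces, keyed by port number.
$listeners = @{}
Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in '127.0.0.1', '::1', '0.0.0.0', '::' } |
    ForEach-Object { $listeners[[int]$_.LocalPort] = $_.OwningProcess }

$targets | Where-Object { $_ } | Sort-Object -Unique | ForEach-Object {
    $entry = $_
    # Split "host:port"; mstsc uses 3389 when no port is given.
    if ($entry -match '^(?<h>[^:]+):(?<p>\d+)$') {
        $h = $Matches.h; $p = [int]$Matches.p
    } else {
        $h = $entry; $p = 3389
    }
    $isLoopback = ($h -eq 'localhost') -or ($h -like '127.*') -or ($h -eq '::1')

    # A loopback entry with a live listener points at a local forwarder
    # (for example an SSH or VPN client) rather than a direct RDP target.
    $proc = $null
    if ($isLoopback -and $listeners.ContainsKey($p)) {
        $proc = (Get-Process -Id $listeners[$p] -ErrorAction SilentlyContinue).ProcessName
    }
    [pscustomobject]@{
        Entry = $entry; Host = $h; Port = $p
        Loopback = $isLoopback; ListeningProcess = $proc
    }
} | Format-Table -AutoSize
```

The history is stored per user, so run this in the session of the account whose history is in question. An empty ListeningProcess only means no forwarder is bound to that port at the moment, not that one never was.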