RDP Question

I have somebody who showed me his RDP client history. It has a bunch of local loopback addresses with random ports. He says he never used RDP except for the one address which I blacked out which is a SQL server. I always thought RDP history shows what RDP connections the local box has accessed before.

I am guessing this isn't proper network behavior though and the random attempts with different port numbers is suspicious?

Find more posts tagged with

Comments

joelsfood

Generally localhost addresses like that would be RDP'ing to an ssh tunnel running from your machien to another host.

markulous

Guessing the user is connecting to a VPN or some other device and RDPs from there.

tpatt100

markulous wrote: »

Guessing the user is connecting to a VPN or some other device and RDPs from there.

That is probably it I will check with him

TheNewITGuy

prolly ssh tunnel over putty

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of