How to determine listening port for Remote Desktop remotely?

By robertlv ·
Someone has been able to logon to our server and change the port that Remote Desktop listens on. In the past, it has been changed to port 80. Recently, it has been changed to an unknown assignment.

My question is two-fold:

Is there a way to learn the listening port for Remote Desktop remotely? (I do not have access to the console.)

How can I prevent future attacks like these from happening?

Any ideas?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -

Look here.

by bart777 In reply to How to determine listenin ...

The listener port is listed in the registry.
Here is a link for you:

After that I would strongly suggest that you begin a campaign of changing passwords and increasing the complexity. If someone is getting in then they must either know an administrative account password or have created one.

Change the RDP port to some other port number youself. Don't put it pack to 3389. Make it something you can remember but mmore random.

Start plugging all of the holes in the firewall. Only open the post that you need. Just keep things like e-mail and RDP open and shut everythign else off.

Audit all of the security groups on the server. Remove anyone that doesn't absolutely need it from the administravice groups. Also look at the local policy and see who is in the Remote Desktop group. Restrict that access as tightly as you can.

Hope this helps.

Related Discussions

Related Forums