EFTEC / Cyberarms

It is a library
https://www.eftec.cl
MIT License
55 stars 44 forks source link

won't detect attack from wan but will detect attack from lan #1

Closed cstraubgo closed 6 years ago

cstraubgo commented 6 years ago

I've installed Cyberarms on several PCs that are exposed to RDP. Most of the time it works flawlessly. Always test after install from across wan. Not sure why, but IDDS is not detecting attack over WAN, but it is detecting attacks from lan. I thought that maybe the router was somehow stripping IP info from the packet header, etc... but I installed "RDP guard" and it worked and detected the WAN attack (and reports the offending IP). I have rebooted the computer several times and checked that windows firewall is running. The IDDS service is running and the proper agent is running as well. Any help is appreciated.

jorgecc commented 6 years ago

This fork is not maintained. It's just a mirror.

I had problems with an RDS attack, and it worked. However, I decided to change the default port of RDP. It was easy and surprisingly effective.

Regards.