Attacks: Difference between revisions
Wikisailor (talk | contribs) |
Revision as of 15:12, 21 July 2025
Introduction
There were some unsuccessful attacks on the services on the Home Lab server. The primary cause of the attack was that RDP access was made to Walnut.
Cause
The principal cause of the attacks was that a DNS name for Walnut was created on Cloudflare as DNS only. This would have exposed the actual IP address of the Home Lab. In itself that would not have been a problem, except that there was some reference to port 19000 being used for RDP to Walnut. Even that would not have been so much of a problem if pfSense had been set to drop everything from outside the LAN. Unfortunately, TCP port 19000 was exposed to the Internet, and when it was probed the attacker would have had a response from the RDP server on Walnut. At the same time the attackers would have been able to get the IP address of Walnut. So the attacker would now know that there is a server and an RDP port, and that is enough to start probing.
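The combination described above can be checked for before it is probed. The following audit is an added example, not part of the original page: the domain names, IP addresses and the simplified port-forward format are constructed assumptions (the format is not pfSense's own config schema), and `proxied: False` is the Cloudflare API field behind the "DNS only" setting.

```python
import ipaddress

# Constructed sample shaped like Cloudflare API DNS records.
# "proxied": False is what the dashboard shows as "DNS only".
DNS_RECORDS = [
    {"name": "walnut.example.net", "type": "A", "content": "203.0.113.10", "proxied": False},
    {"name": "www.example.net", "type": "A", "content": "203.0.113.10", "proxied": True},
    {"name": "nas.example.net", "type": "A", "content": "192.168.1.20", "proxied": False},
]

# Constructed sample of WAN port forwards in a simplified, hypothetical format.
# "source" is the network allowed to reach the forward.
PORT_FORWARDS = [
    {"wan_port": 19000, "target": "192.168.1.50", "target_port": 3389, "source": "any"},
    {"wan_port": 443, "target": "192.168.1.60", "target_port": 443, "source": "any"},
    {"wan_port": 2222, "target": "192.168.1.50", "target_port": 22, "source": "198.51.100.0/24"},
]

REMOTE_ADMIN_PORTS = {22: "SSH", 3389: "RDP", 5900: "VNC"}


def exposed_names(records, wan_ip):
    """Return DNS-only A/AAAA names that publish the WAN address."""
    wan = ipaddress.ip_address(wan_ip)
    return sorted(
        r["name"] for r in records
        if r["type"] in ("A", "AAAA")
        and not r["proxied"]
        and ipaddress.ip_address(r["content"]) == wan
    )


def audit(records, forwards, wan_ip):
    """Flag forwards that hand a remote-admin service to any Internet source."""
    names = exposed_names(records, wan_ip)
    findings = []
    for f in forwards:
        service = REMOTE_ADMIN_PORTS.get(f["target_port"])
        if service and f["source"] == "any":
            findings.append({
                "wan_port": f["wan_port"],
                "service": service,
                "target": f["target"],
                "published_as": names,  # names that point straight at the WAN IP
            })
    return findings


if __name__ == "__main__":
    for finding in audit(DNS_RECORDS, PORT_FORWARDS, "203.0.113.10"):
        print(finding)
```

A forward restricted to a known source network, like the SSH entry in the sample, is not flagged; only the RDP forward open to any source is.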