Windows 2K3 - RDP Bandwidth Leach

I have several W2K3 servers, and I am noticing a trend start to develop. I am getting spikes in RDP bandwidth - up to 4 - 5 gig per day.

1: I can verify that nobody is logging into the system using a user account.
2: Using PRTG I can can see exactly which IP is leeching the bandwidth (usually from Russia)
3: I have set the Firewall to allow only 3 different IPS’s access to RDP - THIS WORKS, and stops the user. Although this works, it will cause me great grief when travelling and I dont’ know in advance what my IP will be.

So - I’ve solved the problem of someone leaching the bandwidth by limiting IP access with the firewall, but my question is “how are they doing it” without being logged into an account?

The server is always up to date with the latest MS patches, and has up to date virus and malware protection.

Solved: It appears this is just users attempting to log into RDP. Even though the machines are set to autoban an IP after 3 failed attempts, the “Screen” is still fed to the users which is consuming bandwidth. Some of the servers have fairly large BMP images as the screen and this would compound the bandwidth problem further.

I’ve solved this method by setting the firewall to only allow connections from 3 distinct IP addresses, so I can always gain access to make changes if necessary.

Ouch, that might explain something with one of the servers I’m managing, I hadn’t actually considered failed RDP login attempts.

There are reasons why you should have a VPN/firewall in front of any server and only punch through ports the world should be able to hit . . .

Not always that easy, I don’t know 90% of the IP’s i’ll connect to this particular server from for example (dynamic, mobile brandband etc)… and its not ‘my’ server, i just help manage it. But yes, it probably should be VPN’d.

Oh, I’m in the same boat as you – tend to move around a bit, and generally need to be able to connect from whatever connection I can get my hands on. Kinda the point of the VPN really – you can move about the cloud but you can have authorized access to any network required so long as VPN is stood up.