depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Sat Jul 23, 2016 11:51 am Post subject: rdp server for Linux |
|
|
This morning at 7:30 I got another one of those ubiquitous phone calls from India, warning me about my Windows computer.
I know that there is "xrdp" for Linux, but that's not quite what I want. I want a semi-malicious rdp server that will crash any Windows machine that attempts to connect to it with an rdp client. I suspect that a large number of people across the US, maybe Europe too, would like this as well. All I want to do is crash the connecting machine, if I were really malicious I'd want to brick it.
Pardon me please, just venting a bit. Take this as humor, I'm sure you've all received too many of these calls, too. I know that asking for such software is wrong, and this is the wrong place to do so anyway. Perhaps I'm really seeking commiseration. _________________ .sigs waste space and bandwidth |
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Sat Jul 23, 2016 3:23 pm Post subject: |
|
|
LOL
yeah that would be fun to setup a honeypot for humans :) _________________ Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Sat Jul 23, 2016 3:43 pm Post subject: |
|
|
I was out this morning describing this to my wife, and then started wondering if I could set up a tarpit on the rdp port. Not as good as crashing the "Windows helper", but still annoying.
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Sat Jul 23, 2016 5:37 pm Post subject: |
|
|
Need to find some exploits in the windows client is the other problem. Probably spamming it with ever-changing data from xrdp probably isn't sufficient...
Yeah, tarpitting the rdp port to a fake rdp server (using Linux) might be interesting...
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
depontius Advocate
Joined: 05 May 2004 Posts: 3509
|
Posted: Sat Jul 23, 2016 6:11 pm Post subject: |
|
|
I don't know where they get their info. I bought a Win98SE upgrade license one or two years ago, and last summer I bought a Thinkpad that came with Windows 7, which I've only ever booted a few times since.
I think they're just calling every land line. Are you a cord-cutter, Jaglover? Are you in the US?
I looked into tarpitting briefly. It's almost as bad for you as it is for them, since it ties up TCP connection resources. If I were to do it, I'd do it just for RDP, and normally leave it turned off, until getting the call. The second part would probably be getting on 4-chan, if only to post their IP address. I'm not sure of any better place to post an "India Windows Help IP address."
Jaglover Watchman
Joined: 29 May 2005 Posts: 8291 Location: Saint Amant, Acadiana
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Sun Jul 24, 2016 1:14 pm Post subject: |
|
|
I think these calls are random, they indeed disregard DNC and simply assume you run Windows because it is still the most popular PC hardware OS...
I'm sure next they'll attempt to do the same on Android or iOS phones but this is harder, probably only a 50/50 chance of getting it right, plus most phone ISPs firewall their phones - best they can do is try to get you to download a trojan horse.
At this point if I were to get such call I'd just hang up on them. No sense to deal with their BS, though it would be funny if you had a windows machine that always brought up a dialog box "Error!" whenever they did something no matter what they do, that would be hilarious.
JeroenMathon n00b
Joined: 11 Aug 2016 Posts: 21 Location: The Netherlands
|
Posted: Thu Aug 11, 2016 1:44 pm Post subject: |
|
|
@OP
Long story short, you would need to find an exploit in order to do that.
Most VNC clients cannot cause their host machine to crash (unless you do some hefty modifications).
The reverse might be possible (using a client to crash a server) but most VNC servers have already been patched for that exploit. |
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
|
Posted: Thu Aug 11, 2016 5:01 pm Post subject: |
|
|
Actually what would make it frustrating is make the RDP server drop connection every couple of seconds... that would really frustrate the remote hacker.
Then again if they hack via script...this may not be as effective.
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Thu Aug 11, 2016 5:22 pm Post subject: |
|
|
The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
And of course monitor it.
But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway... |
JeroenMathon n00b
Joined: 11 Aug 2016 Posts: 21 Location: The Netherlands
|
Posted: Fri Aug 12, 2016 5:48 am Post subject: |
|
|
1clue wrote: | The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
And of course monitor it.
But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway... |
Aren't there free open-source solutions you can use that listen on the same protocol? |
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Fri Aug 12, 2016 2:18 pm Post subject: |
|
|
JeroenMathon wrote: | 1clue wrote: | The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
And of course monitor it.
But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway... |
Aren't there free open-source solutions you can use that listen on the same protocol? |
Sure. Since we're all griping about a hypothetical honey trap to (in other cases) crash the remote client or (in my case) waste monumental amounts of time for the intruder the needs of the server would vary quite a bit.
In the first case (crashing the client) you could try that on any platform. In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.
I can't say what anyone else will do, but my solution is pure fantasy. It's not going to happen, I'm not spending $100 usd to get a license just so I can watch intruders mess it up, let alone put in the work to make an error-injecting proxy. |
JeroenMathon n00b
Joined: 11 Aug 2016 Posts: 21 Location: The Netherlands
|
Posted: Fri Aug 12, 2016 2:52 pm Post subject: |
|
|
1clue wrote: | JeroenMathon wrote: | 1clue wrote: | The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.
I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.
And of course monitor it.
But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway... |
Aren't there free open-source solutions you can use that listen on the same protocol? |
Sure. Since we're all griping about a hypothetical honey trap to (in other cases) crash the remote client or (in my case) waste monumental amounts of time for the intruder the needs of the server would vary quite a bit.
In the first case (crashing the client) you could try that on any platform. In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.
I can't say what anyone else will do, but my solution is pure fantasy. It's not going to happen, I'm not spending $100 usd to get a license just so I can watch intruders mess it up, let alone put in the work to make an error-injecting proxy. |
Then I recommend that you apply a whitelist. |
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Fri Aug 12, 2016 3:30 pm Post subject: |
|
|
Are you talking to me, or to the OP?
I don't have any windows systems exposed to the outside world. I have no need of a whitelist. |
szatox Advocate
Joined: 27 Aug 2013 Posts: 3140
|
Posted: Sat Aug 13, 2016 6:17 pm Post subject: |
|
|
Quote: | . In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time. | Just make it display a loading screen |