rdp server for Linux

depontius (Advocate)
Joined: 05 May 2004
Posts: 3406
Posted: Sat Jul 23, 2016 11:51 am    Post subject: rdp server for Linux

This morning at 7:30 I got another one of those ubiquitous phone calls from India, warning me about my Windows computer.

I know that there is "xrdp" for Linux, but that's not quite what I want. I want a semi-malicious rdp server that will crash any Windows machine that attempts to connect to it with an rdp client. I suspect that a large number of people across the US, maybe Europe too, would like this as well. All I want to do is crash the connecting machine; if I were really malicious I'd want to brick it.

Pardon me please, just venting a bit. Take this as humor, I'm sure you've all received too many of these calls, too. I know that asking for such software is wrong, and this is the wrong place to do so anyway. Perhaps I'm really seeking commiseration.
_________________
.sigs waste space and bandwidth

eccerr0r (Watchman)
Joined: 01 Jul 2004
Posts: 7277
Location: almost Mile High in the USA
Posted: Sat Jul 23, 2016 3:23 pm

LOL
Yeah, that would be fun to set up a honeypot for humans :)
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

depontius (Advocate)
Joined: 05 May 2004
Posts: 3406
Posted: Sat Jul 23, 2016 3:43 pm

I was out this morning describing this to my wife, and then started wondering if I could set up a tarpit on the rdp port. Not as good as crashing the "Windows helper", but still annoying.
_________________
.sigs waste space and bandwidth

eccerr0r (Watchman)
Joined: 01 Jul 2004
Posts: 7277
Location: almost Mile High in the USA
Posted: Sat Jul 23, 2016 5:37 pm

Need to find some exploits in the Windows client is the other problem. Probably spamming it with ever-changing data from xrdp probably isn't sufficient...

Yeah, tarpitting the rdp port to a fake rdp server (using Linux) might be interesting...
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

Jaglover (Watchman)
Joined: 29 May 2005
Posts: 7328
Location: Saint Amant, Acadiana
Posted: Sat Jul 23, 2016 5:54 pm

I wonder where they get the contact information from. From Microsoft? I've never received a call like this, is it because I haven't used MS products for over 12 years now?
_________________
Please learn how to denote units correctly!

depontius (Advocate)
Joined: 05 May 2004
Posts: 3406
Posted: Sat Jul 23, 2016 6:11 pm

I don't know where they get their info. I bought a Win98SE upgrade license one or two years ago, and last summer I bought a Thinkpad that came with Windows 7, which I've only ever booted a few times since.

I think they're just calling every land line. Are you a cord-cutter, Jaglover? Are you in the US?

I looked into tarpitting briefly. It's almost as bad for you as it is for them, since it ties up TCP connection resources. If I were to do it, I'd do it just for RDP, and normally leave it turned off, until getting the call. The second part would probably be getting on 4chan, if only to post their IP address. I'm not sure of any better place to post an "India Windows Help IP address."
_________________
.sigs waste space and bandwidth

Jaglover (Watchman)
Joined: 29 May 2005
Posts: 7328
Location: Saint Amant, Acadiana
Posted: Sat Jul 23, 2016 10:27 pm

Always had a landline, still do. In the USA, yes. I have registered at the no-call registry, but I do not think those dudes care about it. I think they are hacking into Microsoft to get the user data. Do you have to reveal your phone # when you register with MS?
_________________
Please learn how to denote units correctly!

eccerr0r (Watchman)
Joined: 01 Jul 2004
Posts: 7277
Location: almost Mile High in the USA
Posted: Sun Jul 24, 2016 1:14 pm

I think these calls are random, they indeed disregard DNC and simply assume you run Windows because it is still the most popular PC hardware OS...

I'm sure next they'll attempt to do the same on Android or iOS phones but this is harder, probably only a 50/50 chance of getting it right, plus most phone ISPs firewall their phones - best they can do is try to get you to download a trojan horse.

At this point if I were to get such a call I'd just hang up on them. No sense in dealing with their BS, though it would be funny if you had a Windows machine that always brought up a dialog box "Error!" whenever they did something, no matter what they do; that would be hilarious.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

JeroenMathon (n00b)
Joined: 11 Aug 2016
Posts: 17
Location: /usr/portage/sys-kernel/JeroenMathon
Posted: Thu Aug 11, 2016 1:44 pm

@OP

Long story short, you would need to find an exploit in order to do that.
Most VNC clients cannot cause their host machine to crash (unless you do some hefty modifications).

The reverse might be possible (using a client to crash a server) but most VNC servers have already been patched for that exploit.

eccerr0r (Watchman)
Joined: 01 Jul 2004
Posts: 7277
Location: almost Mile High in the USA
Posted: Thu Aug 11, 2016 5:01 pm

Actually, what would make it frustrating is making the RDP server drop the connection every couple of seconds... that would really frustrate the remote hacker.

Then again, if they hack via script... this may not be as effective.
_________________
Intel Core i7 2700K@ 4.1GHz/HD3000 graphics/8GB DDR3/180GB SSD
What am I supposed watching?

1clue (Advocate)
Joined: 05 Feb 2006
Posts: 2562
Posted: Thu Aug 11, 2016 5:22 pm

The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.

I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.

And of course monitor it.

But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway...

JeroenMathon (n00b)
Joined: 11 Aug 2016
Posts: 17
Location: /usr/portage/sys-kernel/JeroenMathon
Posted: Fri Aug 12, 2016 5:48 am

1clue wrote:
The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.

I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.

And of course monitor it.

But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway...


Aren't there free open-source solutions you can use that listen on the same protocol?

1clue (Advocate)
Joined: 05 Feb 2006
Posts: 2562
Posted: Fri Aug 12, 2016 2:18 pm

JeroenMathon wrote:
1clue wrote:
The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.

I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.

And of course monitor it.

But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway...


Aren't there free open-source solutions you can use that listen on the same protocol?


Sure. Since we're all griping about a hypothetical honey trap to (in other cases) crash the remote client or (in my case) waste monumental amounts of time for the intruder, the needs of the server would vary quite a bit.

In the first case (crashing the client) you could try that on any platform. In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.

I can't say what anyone else will do, but my solution is pure fantasy. It's not going to happen, I'm not spending $100 USD to get a license just so I can watch intruders mess it up, let alone put in the work to make an error-injecting proxy.

JeroenMathon (n00b)
Joined: 11 Aug 2016
Posts: 17
Location: /usr/portage/sys-kernel/JeroenMathon
Posted: Fri Aug 12, 2016 2:52 pm

1clue wrote:
JeroenMathon wrote:
1clue wrote:
The calls are random. My parents get them, and they're 82, have no internet connection and have never owned a Windows computer.

I've thought of setting up a Windows VM with rdp open, something that's not quite able to do what the intruders want but keeping them occupied trying for days, weeks or months. Let's say, on a separate network that has not very reliable Internet service. Maybe for every non-RDP port have the router inject random errors into every third packet.

And of course monitor it.

But then I have no interest in actually spending money on a license just to do this, and it would be a lot of work to set up anyway...


Aren't there free open-source solutions you can use that listen on the same protocol?


Sure. Since we're all griping about a hypothetical honey trap to (in other cases) crash the remote client or (in my case) waste monumental amounts of time for the intruder, the needs of the server would vary quite a bit.

In the first case (crashing the client) you could try that on any platform. In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.

I can't say what anyone else will do, but my solution is pure fantasy. It's not going to happen, I'm not spending $100 USD to get a license just so I can watch intruders mess it up, let alone put in the work to make an error-injecting proxy.


Then I recommend that you apply a whitelist.

1clue (Advocate)
Joined: 05 Feb 2006
Posts: 2562
Posted: Fri Aug 12, 2016 3:30 pm

Are you talking to me, or to the OP?

I don't have any Windows systems exposed to the outside world. I have no need of a whitelist.

szatox (Veteran)
Joined: 27 Aug 2013
Posts: 1777
Posted: Sat Aug 13, 2016 6:17 pm

Quote:
. In my case (wasting time) anything that seems like a non-Windows computer would tip them off that something is not right, which would make them waste less time.
Just make it display a loading screen :lol:
All times are GMT