Discussion:
Remote Desktop Port Address on a PDA
StuffJustHapens
2005-01-28 10:14:15 UTC
Just to give our friendly crackers another minor challenge, we've
changed the default port for RDP sessions on all our servers. (VPN
tunnelling next on the list but changing the port was a quick and dirty
option I could do right away).

All working OK for desktops, but now I discover that the Client on my
PDA iPAQ 4150 with WM2003 won't accept a port identifier on the IP
address line so there goes my mobile support option --AAARGH!

I understand from a bit of searching that there was a registry tweak for
PPC2002 but that it doesn't work with 2003.

Any ideas? Is there a third party client that works OK??

Thanks
Vera Noest [MVP]
2005-01-28 20:53:52 UTC
Haven't checked this personally, but someone posted this info some
weeks ago:

Follow these steps to customize your Pocket PC to use any port you
want.

1. Download & install a Pocket PC Registry Editor
(http://www.bitsinside.com)
2. Add the following key to the registry on your Pocket PC:

HKEY_CURRENT_USER\Software\Microsoft\Terminal Services\Default
Server Port : dword=3389

Change 3389 to your new port number.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
Patrick Rouse
2005-01-29 06:05:02 UTC
In all honesty, changing the port number won't stop anyone capable of cracking
passwords or hacking your system from getting in, it will only prevent script
kiddies with no knowledge from seeing what they can get into. Anyone with a
good port scanner and time on their hands can find whatever they desire to
look hard enough for.

RDP is as secure on port 3389 as HTTPS, and very few people change that
port. If you are paranoid about security the only truly hackerproof
solution is one that uses PKI, i.e. IPSec/L2TP VPN, as certificate checking
is done and a secure tunnel is established before credentials are exchanged.
NO cert, no connection, no option to try to supply credentials.

PPTP VPN for remote users of Terminal Server is a total waste of overhead,
man hours, and in most cases makes a system less secure, because you expose
your system to any bad things running on remote systems.

VPN is only safe if:

1. It's IPSec/L2TP
2. It's managed on both ends (i.e. you control the firewall on both sides).

If you implement a VPN without these two things, then you're fooling
yourself in thinking it's secure.

Patrick Rouse
Microsoft MVP - Terminal Server
http://www.workthin.com
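
Added example, not part of the original thread: a monitoring-side check that recognises the opening RDP handshake (TPKT header plus X.224 connection request/confirm) in a captured first payload regardless of TCP port, which is why a moved port is visible to an IDS or an asset audit just as it is to a scanner. The port 40123 and all sample bytes are constructed for illustration.

```python
import struct

RDP_DEFAULT_PORT = 3389
X224_TYPES = {0xE0: "connection-request", 0xD0: "connection-confirm"}


def classify_rdp(payload: bytes):
    """Return the X.224 PDU type if payload opens an RDP session, else None."""
    if len(payload) < 11:                  # TPKT (4) + minimal X.224 header (7)
        return None
    version, reserved, length = struct.unpack(">BBH", payload[:4])
    if version != 3 or reserved != 0:      # TPKT is always version 3, reserved 0
        return None
    if length < 11 or length > len(payload):
        return None
    length_indicator, code, class_option = payload[4], payload[5], payload[10]
    if length_indicator != length - 5:     # LI counts every byte after itself
        return None
    if class_option != 0:                  # RDP uses transport class 0
        return None
    return X224_TYPES.get(code & 0xF0)


def rdp_off_default_port(flows):
    """flows: iterable of (dst_port, first_payload). Ports carrying RDP != 3389."""
    return sorted({port for port, payload in flows
                   if port != RDP_DEFAULT_PORT and classify_rdp(payload)})


# Constructed sample payloads (not captured from any real host).
CR_LEGACY = bytes.fromhex("0300000b06e00000000000")            # bare request
CR_NEG = bytes.fromhex("030000130ee00000000000"
                       "0100080003000000")                      # with RDP_NEG_REQ
CC_NEG = bytes.fromhex("030000130ed00000123400"
                       "0200080000000000")                      # server confirm
TLS_HELLO = bytes.fromhex("160301002e0100002a0303") + bytes(36)
HTTP_GET = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"

SAMPLE_FLOWS = [
    (3389, CR_NEG),        # default port: expected, not reported
    (40123, CR_LEGACY),    # moved port, still plainly RDP
    (40123, CR_NEG),
    (8443, TLS_HELLO),
    (80, HTTP_GET),
]

if __name__ == "__main__":
    print("RDP seen on non-default ports:", rdp_off_default_port(SAMPLE_FLOWS))
```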