Remote Terminal Services in systems such as Windows 7/vista/xp/2003 is a very powerful service, but also as an intruder in the host of the channel, the intruder can use some means to get the administrator account and password and intrusion into the host. Next, let's look at how to prevent hacking by modifying the default port.
Remote Terminal Services is based on port 3389. Intruders usually scan the host open ports first, and once they are open to port 3389, the next step is to invade, so we just need to modify the default port to avoid the eyes and ears of most intruders.
Steps: Open "Start → run", enter "regedit", open the registry, and go to the following path:
[Hkey_local_machine/system/currentcontrolset/control/terminal server/wds/rdpwd/tds/tcp], see Portnamber value? The default value is 3389, modified to the desired port, such as 8080, to use decimal. See figure below:
Then turn on [hkey_local_machine/system/currentcontrolset/control/terminal server/winstations/rdp-tcp] to portnumber the value ( The default is 3389) modified to port 8080, note using decimal.
This is the end of many tutorials on the web. Indeed, if it is an XP or 2003 system, then the client can make Remote Desktop connection through 8080 ports. However, under Vista and Win 7, the optical modification of the above two ports is 8080, the client is unable to Remote Desktop connection. The reason, the original Vista and win 7 enhanced the function of the firewall. Below is a screenshot of the local port of the remote Desktop that has been modified to 8080, with the original default local port of 3389:
From the firewall policy in the inbound rule, if you do not manually modify the firewall policy port is 8080, you cannot find any firewall policy with a local port of 8080. In other words, in the inbound rule, if the release of port 8080 is not turned on, the firewall will deny access to 8080 ports by default, which is why the client cannot successfully connect to the Remote Desktop.
The Remote Desktop policy in the inbound rule cannot be modified by default, so the firewall policy can only be modified by modifying the registry. Open [Hkey_local_machine/system/currentcontrolset/services/sharedaccess/defaults/firewallpolicy/firewallrules], Change the value of the remotedesktop-in-tcp containing 3389 to 8080 and save the data.
Then open [Hkey_local_machine/system/currentcontrolset/services/sharedaccess/parameters/firewallpolicy/firewallrules] , change the value of the remotedesktop-in-tcp containing 3389 to 8080, and save the data.
After the modification, restart the computer will not take effect, then telnet to use port 8080 on it.
The specific approach to access is IP: port number, such as 192.168.100.100:8080, as shown below:
If you want to use the extranet for Remote Desktop Connection, you also need to do port mapping on the router, as shown in the following figure:
However, there is a problem to solve, is to want to use the Internet for Remote Desktop, must know the remote router's public network IP address, only in the direction of the public network IP address, the above port insinuate only meaningful. But fortunately now most router manufacturers have joined the dynamic DNS support in the router, you can go to the peanut shell (www.oray.net) on the application of a free domain name, and then the router to obtain the dynamic public network IP address and fixed domain name binding, This is done by pinging the domain name to obtain the public IP address of the remote router, and finally successfully implementing Remote Desktop Connection to the Internet.
Remote Desktop Connection via Internet domain name:
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
