Windows Remote Desktop is a tool (present in Pro and higher editions) that allows us to connect to our computer remotely and control it as if we were sitting in front of it. It is a tool widely used in professional environments and in companies, although it is also causing more and more interest among normal users, since it is free and does not require any configuration to use it. However, its popularity also attracts hackers, who take advantage of it to carry out all kinds of computer attacks.
Distributed denial of service attacks, DDoS, are a type of attack that seeks to saturate the victim’s system or network so that it is blocked, without service. This can be done in a number of different ways. And one of the most recent ones used by hackers is to do it through remote Remote Desktop requests , taking advantage of the large number of computers that have it enabled and not protected.
Remote Desktop as a DDoS amplifier
Network protocol analysis platforms estimate that there are currently about 14,000 RDP servers accessible over the Internet. And all of them are without adequate protection so that hackers can use them to reflect and multiply DDoS attacks. As they calculate, each RDP server could multiply the bandwidth by 86 times, so the hackers who control this entire botnet could have at their disposal a 750 Gbps network to carry out their attacks.
No type of malware is required to carry out these attacks. Therefore, neither the victim nor any of the botnet’s “zombies” will be able to protect themselves with an antivirus. What we can do, if we want to avoid falling into the clutches of hackers, is to check that our PC is properly protected and configured to prevent us from being one of these zombies.
How to protect our PC
The first and most important thing, as always, is to make sure our PC is up to date with the latest security patches. This will help prevent various flaws in our system from being exploited to carry out larger-scale attacks.
If we have Windows 10 Pro, and we do not use RDP, we can deactivate the Remote Desktop of the PC. In this way, neither hackers can use our PC to reflect the bandwidth of their attacks nor can they attack our PC. By deactivating this service, the port you use (by default, 3389) will be blocked, being protected against these attacks. If we do not want to give up Remote Desktop, another configuration that helps us protect it is to change the default port to any other, and control it from a firewall.
It is also important to ensure that the PC account is properly protected with a strong password . Otherwise, hackers could connect to our PC and have full control over it.
A good firewall installed on the computer, or certain hardware solutions, will help us mitigate these attacks when they take place. Although these measures are more designed for companies and workspaces than for an average user.