Random ports on localhost trying to connect to RDP 3389

Ask Question

Asked 2 months ago

Modified 2 months ago

Viewed 49 times

I am having an issue of what seems to be unauthorized access to a server and would like to direct you to the images below.

Event Viewer:

Wireshark:

From the event log viewer I am seeing there is a login type of 10 (which research shows me is a remote login). Yet the source of the login is the local machine with a source IP of 127.0.0.1.

Secondly my Wireshark capture is showing traffic from localhost to localhost with random usernames. Could I please be directed to where/how I could stop this and probably also find out how a remote login has a source IP of localhost.

edited Sep 11 at 18:51

sotirov

2291 silver badge10 bronze badges

asked Sep 11 at 14:50

unknown techh

32 bronze badges

1

Strong suggestion: Assume your server is virus infected, look for advice on how to clean it.
– tsc_chazz
Sep 11 at 20:12
1

Does this answer your question? How do I deal with a compromised server?
– djdomi
Sep 12 at 7:06

Add a comment |

Stack Exchange Network

Random ports on localhost trying to connect to RDP 3389

0

You must log in to answer this question.

Browse other questions tagged
firewall
rdp
remote-desktop-services
.

Linked

Hot Network Questions

Random ports on localhost trying to connect to RDP 3389

0

You must log in to answer this question.

Browse other questions tagged firewallrdpremote-desktop-services.

Linked

Related

Hot Network Questions

Browse other questions tagged
firewall
rdp
remote-desktop-services
.