[THIN] Strange RDP behavior

• From: <Dave.Boatman@xxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 23 Apr 2003 17:18:32 +0100

A strange one ... I thought I'd share this with one and all.

Citrix XPe + FR2. W2K + SP3

From within "Citrix Connection Configuration" -=20
Select the RDP protocol and "deny" full control,user access and guest access
for  administrators,system and Users - i.e. deny everyone and everything
(something I'm used to ;-> )

Next  - open up a RDP session to that server.

You still get a windows security screen (Welcome to Windows) - although you
can't ctrl,alt,del it to get to open up the login box (where you normally
type your ID and Password). Although you can still click on the "help"
button and get the help to launch.

From "terminal services manager"  screen you can't see the RDP-Tcp
(listener)- only the ICA . Nor can you see the RDP sessions from the CMC
(users, sessions) but obviously RDP is still responding=20

Not quite what I was expecting.

I suppose in theory you could simulate a D.O.S attack on your server by
opening up multiple sessions from clients.. as I'm assuming (perhaps
wrongly) that somewhere the sessions are being initialised and that more
idle sessions are being created. I opened up 35 or so RDP connections and
watched the memory usage go up... so automate  the process and you could
lose a server=20

Disabling the protocol from the "Citrix Connection Configuration" does stop
RDP access in it's tracks.

Hmmmm.....

Dave B=20




CONFIDENTIALITY NOTICE
This communication and the information it contains is intended for the pers=
on or organisation to whom it is addressed.  Its contents are confidential =
and may be protected in law.  Unauthorised use, copying or disclosure of an=
y of it may be unlawful.  If you are not the intended recipient, please con=
tact us immediately.

The contents of any attachments in this e-mail may contain software viruses=
, which could damage your own computer system.  While Marlborough Stirling =
has taken every reasonable precaution to minimise this risk, we cannot acce=
pt liability for any damage which you sustain as a result of software virus=
es.  You should carry out your own virus checking procedure before opening =
any attachment.

Marlborough Stirling plc, Registered No. 3008820,
Allen Jones House, Jessop Avenue, Cheltenham, Gloucestershire, GL50 3SH
Tel: 01242 547000     Fax: 01242 547100
<http://www.marlborough-stirling.com>
<http://www.exchange.co.uk>

The following companies are subsidiaries of Marlborough Stirling plc and ar=
e registered in England and Wales at the above address:
The Marlborough Stirling Group PLC, Registered No. 1855353
Marlborough Stirling Administration Limited, Registered No. 2341195
Exchange FS Group plc, Registered No. 3760381
Exchange FS Limited, Registered No. 2596452
Crisp Computing Limited, Registered No. 1547979


________________________________________________________________________
This=20email=20has=20been=20scanned=20for=20all=20viruses=20by=20the=20Mes=
sageLabs=20SkyScan
service.=20For=20more=20information=20on=20a=20proactive=20anti-virus=20se=
rvice=20working
around=20the=20clock,=20around=20the=20globe,=20visit=20http://www.message=
labs.com
________________________________________________________________________
********************************************************
This Week's Sponsor - ThinPrint
Simply the best print solution for
Microsoft Terminal Services 
and Citrix Metaframe.
http://www.thinprint.com/
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] Strange RDP behavior

1. Home
2. thin
3. Archive
4. 04-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---