RDP security

I got this working for RDP (via TCP) to a local machine, from the outside internet. Yay!

My ISP (T-Mobile Home Internet) does not allow incoming connections anyway, so having this ability to RDP in through an established tunnel is great. I guess you can do more or less the same thing via ssh -R.

What about security? It seems that anyone looking into us.loclx.io will discover the subdomains and can scan the ports and no doubt in short order find the tunnel into my RDP and then start trying to guess passwords and assess other vulnerabilities, etc. Is this correct? I suppose there are logs to see this after the fact. Is this true, and if so, what can be done to improve security? Is this service any better or more secure than an ssh reverse tunnel that goes through a random virtual linux machine somewhere?

I see for HTTP a plugin to limit incoming IPs, but I’m not doing HTTP here, and anyway I want to be able to access from Starbucks, hotels, and the like and can’t whitelist all those. Is there some way to require a certificate?

I don’t mind $6 per month, but am I taking a big risk here by exposing my network (and the Microsoft 365 corporate account it connects to) to every malicious bot known to man?
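The post asks whether password guessing against an exposed RDP port can be seen in logs after the fact. As an added illustration (not part of the original post, and not code from the tunnel service), the following Python script runs a simple detection over constructed sample lines shaped like Windows Security log Event 4625 (failed logon) records: it counts failures per source address and flags both a high failure count (brute force) and many distinct usernames from one source (password spraying). The line format, the sample addresses and the thresholds are all assumptions chosen for the example; real event exports would need their own parser.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of Windows Security log Event 4625
# (failed logon) records flattened to one line each. Not real data;
# the addresses are documentation ranges.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2024-05-01T10:00:03Z EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
2024-05-01T10:00:04Z EventID=4625 LogonType=10 TargetUserName=guest IpAddress=203.0.113.7
2024-05-01T10:00:06Z EventID=4625 LogonType=10 TargetUserName=user IpAddress=203.0.113.7
2024-05-01T10:00:07Z EventID=4625 LogonType=10 TargetUserName=test IpAddress=203.0.113.7
2024-05-01T10:00:09Z EventID=4625 LogonType=10 TargetUserName=scan IpAddress=203.0.113.7
2024-05-01T10:05:00Z EventID=4625 LogonType=10 TargetUserName=alice IpAddress=198.51.100.20
2024-05-01T10:05:30Z EventID=4624 LogonType=10 TargetUserName=alice IpAddress=198.51.100.20
2024-05-01T10:06:00Z EventID=4625 LogonType=3 TargetUserName=svc IpAddress=192.0.2.9
"""

# Assumed single-line layout for the sample above.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"TargetUserName=(?P<user>\S+) IpAddress=(?P<ip>\S+)$"
)


def parse_failed_logons(text, logon_types=(10, 3)):
    """Return (source_ip, username) pairs for Event 4625 records whose logon
    type is in logon_types. Type 10 is RemoteInteractive (classic RDP); when
    Network Level Authentication is on, the credential check can be recorded
    as type 3, so both are included by default."""
    failures = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        if m["eid"] == "4625" and int(m["lt"]) in logon_types:
            failures.append((m["ip"], m["user"]))
    return failures


def summarize_by_source(failures):
    """Aggregate failed logons per source address: total count and the set
    of usernames tried from that address."""
    per_ip = defaultdict(lambda: {"failures": 0, "users": set()})
    for ip, user in failures:
        per_ip[ip]["failures"] += 1
        per_ip[ip]["users"].add(user)
    return per_ip


def flag_guessing(failures, max_failures=5, max_users=3):
    """Return source addresses that exceed either a failed-logon count
    (brute force) or a distinct-username count (password spraying).
    Thresholds are illustrative, not tuned values."""
    flagged = {}
    for ip, stats in summarize_by_source(failures).items():
        if stats["failures"] >= max_failures or len(stats["users"]) >= max_users:
            flagged[ip] = {
                "failures": stats["failures"],
                "users": sorted(stats["users"]),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in flag_guessing(parse_failed_logons(SAMPLE_LOG)).items():
        print(f"{ip}: {info['failures']} failures, users tried: {info['users']}")
```

On the sample, only 203.0.113.7 is flagged (six failures across six usernames); the single failure from 198.51.100.20 followed by a successful 4624 logon is a normal mistyped password and stays below both thresholds. The same logic applies whatever the RDP port is reached through, a tunnel service or an `ssh -R` reverse tunnel, provided the log records the real source address rather than the tunnel endpoint's.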