So I have a system at my home set up with RDP enabled for remote access to it. To avoid brute force scans and detections of it I changed the port to 8079 from 3389.
From 3 locations I can connect and maintain a connection to myip:8079 via RDP through those systems. At a 4th location lately I am connected for about 10 minutes and then get greeted with a message that the connection has been lost and its trying counting 1 to 20 to re-establish the connection.
** This problem was happening prior to changing the port from 3389 to 8079 so its not related to the port change **
Problem is that when this happens at this 4th location to my home system, my home network storms and it takes down my local network. IP Phones and all which is BAD. I then have to drive 8 miles home from this location and reboot the network devices to get rid of the storm.
The network is a simple 5 port Linksys router with port forwarding for 8079 at IP 192.168.10.101 so that RDP will function at myip:8079 to this Windows XP Pro SP3 system. This system is also setup with a static IP of 192.168.10.101 instead of DHCP giving it the IP. DHCP then gives 102.103.104 etc to the other systems and devices.
Do I need to move this static IP higher to that its not in the range of the normal DHCP scope - or - is the 4th site poisoning my local network somehow through the RDP session?
Going to go home for lunch and will move the IP to 192.168.10.249 to set it outside of the normal DHCP lease scope to avoid potential for IP conflict if DHCP tries to give out 192.168.10.101 when 101 is static to a device. But I am concerned that that might not be the fix given that 3 sites have no issues with connections lasting hours on end even idle connections at times without disconnects. So I am concerned as to if there is a way to poison one network over the other via a RDP session. Windows XP Firewall is also enabled with exception for 8079 to allow for RDP service through that custom port.
Very ODD
<< UPDATE >> --> Went home to confirm that local network was not storming as I had originally thought,
but instead my Motorolla Surfboard SB5100 Broadband Modem was getting stormed. Local network inside Router to all my devices was quiet and confirmed with Wireshark. IP could not be pinged during this period from inside or outside of network. Rebooted the Motorolla Modem and everything was back to normal.
Also changed the IP to 192.168.10.249 and changed port forwarding to 192.168.10.249 to get that system out of the normal DHCP scope to avoid any DHCP issues with leases etc. Confirmed that I could get back into home location agin from locations 1 and 2 as well with no problems.
Any ideas what can be causing a DoS type of storm between this 4th site and my home Broadband Modem
? The 4th site is a corporate location with a large network, and they have a sonic wall to control internet access. This remote access is so that I can do my job going to specific sites that the normal workers are blocked from access too from any system via RDP and use of home internet connection as actual gateway to the internet.
