Regarding DX4000 security and static IPs

Happy Friday,

Have been running a DX4000 for our small company mostly as a file server and to perform client backups of Windows machines. Our users store Word, Excel, and PDFs, and a big image library of jpgs and gifs.

I use RDP to manage the DX4000 (versus just opening the dashboard).

Outside of my own administration of the DX4000 via RDP, none of us in the company need to access this remotely - either onsite or offsite.

It was initially setup with a static IP, and I think it’s time to change that as it is now getting a brute-force attack through RDP and I don’t see any option to change the RDP listening port on the Sentinel.

Another thing is, our building will be going from DSL to Cable in a few months, which will surely cause an issue with the Static IP on the Sentinel.

So question is, is this a big deal to go from static IP to DHCP on this thing, or will it just create more problems?

Thanks for any help or advice here!

You mean you remote to the desktop from afar and have port 3389 forwarded in your router to the internal static ip of the dx?

was reading up on rudimentary best practices for win server, and it stated that you should change the default RDP port so you don’t get brute force attacked - which i am now.

went into the DX4000s firewall to attempt that, and it essentially won’t let me.

the Sentinel is getting hammered by a bot every 30 seconds and eating resources.

I’ve disabled the admin account and was going to setup a lockout policy, but it’s my understanding that is not enough, so I just want to take it off of the Internet and use it locally here onsite.

What I am not clear on, is if changing it to DCHP will hinder my ability to use RDP to connect to it, and will it disrupt the 7-8 people that access the data shares through windows explorer on their machines.

hope this make sense - I am obviously not full a Sys Admin or Network wiz, but learn quickly :smile:

The issue is you cannot have a brute force attack from outside unless you have port 3389 forwarded to the local ip of the DX
You are correct, it should not be on the internet.

so is it as easy as RDP’ing into the Sentinel and just removing the static IP from it and selecting DHCP instead? how would that affect that clients using the wd connector software?

No, changing from static to dhcp does not really have anything to do with it.

What is the IP of the server?

You need to log into your router and look at port forwarding. If you tell me the make and model of your router I may be able to google the steps for you

then just disabling TCP/IP then just using Client for MS and File and Print sharing?

no you will break it

give me a sec on the router info…

B90-755025-15

supplied by ATT

Netgear by the way…

yes tsgrinder is an issue if you have 3389 exposed/forwarded on your router to the server. These are attacks from outside that try to gain access over 3389. But your router must be configured to send 3389 traffic to your server to do this. You do not want 3389 open on your router

this where the rule would go:

11

you need to figure out the ip of the router
open a cmd prompt on any pc and type ipconfig >enter
the default gateway is the ip of the router
open internet explorer and put that whatever it is 192.168.0.1 for example as the url and press enter
you should get a login
the username and password will be on a sticker on the router (userrname may be blank)
on the left you should see a button for port forwarding

please see previous screenshot pics posted from my router’s config page

why is that 137 in there? Does it point to the ip of yor server???

i believe that’s a forward for a dvr system

here’s the info on that:

43