Security

last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass RDP

This thread has been viewed 8 times

  • 1.  Clearpass RDP

    Posted Dec 07, 2017 08:31 AM
    Hi, I've just been looking at traffic logs for our clearpass server and noticed something odd. Its trying to RDP out to the private address range 172.16.x.x, cycling through each IP address one at a time. Is this normal behaviour?


  • 2.  RE: Clearpass RDP

    EMPLOYEE
    Posted Dec 07, 2017 08:33 AM
    ClearPass does not use the remote desktop protocol.


  • 3.  RE: Clearpass RDP

    Posted Dec 07, 2017 09:16 AM

    Do you know what it would be doing on port 3389?



  • 4.  RE: Clearpass RDP

    EMPLOYEE
    Posted Dec 07, 2017 09:20 AM
    Are you doing any subnet scanning in ClearPass? It could be nmap attempting to probe hosts to profile them.


  • 5.  RE: Clearpass RDP

    Posted Dec 07, 2017 09:27 AM
      |   view attached

    Nmap profiling appears to be off currently.



  • 6.  RE: Clearpass RDP

    EMPLOYEE
    Posted Dec 07, 2017 09:28 AM
    Best to work with TAC then.